ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

Resubmissions

05/03/2024, 20:45

240305-zjqfasgh5w 8

05/03/2024, 20:41

05/03/2024, 20:40

05/03/2024, 20:37

05/03/2024, 20:34

05/03/2024, 20:31

05/03/2024, 20:27

Analysis

max time kernel
150s
max time network
160s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
05/03/2024, 20:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

b16754e31096ff084460514287187a29
SHA1

149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7
SHA256

ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750
SHA512

86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7
SSDEEP

98304:TWo5jp/vdcY8uC+gOhUL+byztZXlAuoVGmKeLEcjXXV9bA:TP59/VcYZCOW+bO+5Eo9c

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
4720	OperaGXSetup.exe

Loads dropped DLL 3 IoCs

pid	Process
2380	OperaGXSetup.exe
208	OperaGXSetup.exe
4720	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2380-3-0x00000000011D0000-0x0000000001791000-memory.dmp	upx
behavioral1/memory/208-5-0x00000000011D0000-0x0000000001791000-memory.dmp	upx
behavioral1/files/0x000600000001abf0-12.dat	upx
behavioral1/memory/4720-16-0x00000000011C0000-0x0000000001781000-memory.dmp	upx
behavioral1/memory/4720-17-0x00000000011C0000-0x0000000001781000-memory.dmp	upx
behavioral1/memory/2380-55-0x00000000011D0000-0x0000000001791000-memory.dmp	upx
behavioral1/memory/208-56-0x00000000011D0000-0x0000000001791000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133541443046347985"	chrome.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
4932	chrome.exe
4932	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe
Token: SeShutdownPrivilege	2100	chrome.exe
Token: SeCreatePagefilePrivilege	2100	chrome.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe
2100	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2380	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2380 wrote to memory of 208	2380	OperaGXSetup.exe	73
PID 2380 wrote to memory of 208	2380	OperaGXSetup.exe	73
PID 2380 wrote to memory of 208	2380	OperaGXSetup.exe	73
PID 2380 wrote to memory of 4720	2380	OperaGXSetup.exe	74
PID 2380 wrote to memory of 4720	2380	OperaGXSetup.exe	74
PID 2380 wrote to memory of 4720	2380	OperaGXSetup.exe	74
PID 2100 wrote to memory of 4280	2100	chrome.exe	77
PID 2100 wrote to memory of 4280	2100	chrome.exe	77
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 3952	2100	chrome.exe	79
PID 2100 wrote to memory of 4968	2100	chrome.exe	80
PID 2100 wrote to memory of 4968	2100	chrome.exe	80
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81
PID 2100 wrote to memory of 4060	2100	chrome.exe	81

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2380
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x739f61e4,0x739f61f0,0x739f61fc
  2⤵
  - Loads dropped DLL
  PID:208
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4720

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7fff26b59758,0x7fff26b59768,0x7fff26b59778
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=524 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:2
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1788 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2088 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:4060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2968 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3004 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4024 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:1300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5100 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5132 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:3488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5472 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3996 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4960 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5172 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3976 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:1
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5340 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:8
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6108 --field-trial-handle=1848,i,6911785201311387316,9006870819573923207,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4932

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2216

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
195KB

MD5
89d79dbf26a3c2e22ddd95766fe3173d

SHA1
f38fd066eef4cf4e72a934548eafb5f6abb00b53

SHA256
367ef9ec8dc07f84fed51cac5c75dc1ac87688bbf8f5da8e17655e7917bd7b69

SHA512
ab7ce168e6f59e2250b82ec62857c2f2b08e5a548de85ac82177ac550729287ead40382a7c8a92fbce7f53b106d199b1c8adbb770e47287fc70ea0ea858faba6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b0ccf860ae9cbf3c_0

Filesize
18KB

MD5
3e44de6e0f924ed3212724dd8f9404da

SHA1
2fe189df98e040f5a3dfcfc51901360a03c1c80d

SHA256
705c796c53e46901ad2944718f888a32bba87aa26b46f1a3e9db45debb6c481b

SHA512
16377931220125ca3c64f89fd2c39dbd94ffa4c03eeceeaec036854aeb5f10c67eae39dc888026261ef78d6e2e2ca3468cd9c4fcec0ce707ab1ad2ae9176db60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\b2260c611ca6494a_0

Filesize
319KB

MD5
b51fac561bf5f8d3617c7d1bb6e68d75

SHA1
2d6c6834733596f4d1398a1c787915be00579323

SHA256
2a604cf1b16d7b06cb351e6ae32aa614eda5cebdb8edf3e71e7ce9abb787b14f

SHA512
92dfaa8ef7060e3185e9d689b9ad0cddacc9d87d85601a83a0fb6a934f6d03057d8bf632da3d636a42453d886cae14052cc44717f37a156e6a65b4c39970b66d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c8d05f7bb9b5d749_0

Filesize
289B

MD5
99ce48aa76cb9c5c5d70f59245993871

SHA1
6cf1b7caea71a958284b060efcd085d73182a7f4

SHA256
a350ba5f56ac5f618615bb6370ac3d1e8af31fa973dd9d171fbff4e2f428aac1

SHA512
83a521b778383abe1120e269493d1156788fd8295d7ee034d185a988731ab1c0a9e6860d2162a64175dadce0a87be9b819724193f9ae8ca3377fca7f3ff954a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f5c39b9eddc5fd42_0

Filesize
280B

MD5
b11c06155d5e88973706e4a16f6258cd

SHA1
2fe5e809c2e46d238e159dc275600a39465419f9

SHA256
e97e3a2d786a3a1a6e9a0b2d3c1f6889f5cc862ce9573cb0cc907ccf04025d65

SHA512
0fe6d11ab1fed97ffe7112d2864b44499d3eb8002c96455521b5ee14fd220c3d18896bb13eaf99f8a3433a748ba7f22dfd441be58a249421f97ccacec93818a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
0fd34410084cb6c3eacba52385a89dab

SHA1
21caff9ab026b084aed723e070fb9e9e4793b120

SHA256
6d537d19f372f06018b64e50f7ecd93b997d5b0be54d6bfe32ee8134262c077e

SHA512
4f2a53b69fc0876699ac631d57dd2c10dd1dca3565eda0b37cf1c4f4930aa37c418ae8ebc150ed027a3ee9f7fc0544583329400cf1a0293cc6bb317132bcb21b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
44d408f98c1a659508e2e13c7db8978b

SHA1
d4f2ae6829709bc462a00f23304f829aa6951706

SHA256
9d3d52d120b37128aecdf96df02feb3d1d490046fa891de6ec15496537863711

SHA512
c09d5c8b97a91e9b8b877f563851725fd2b030ad80a0a7cdad6b5e9ccea79f1f8d958edf3d3a6b022c409775a64ec7c0ba8debca08a15642a6c32672d99e9001

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5b6201af1123b6b2bf44b4573ba3caa9

SHA1
d1876f7537c55115ec791dd04631d4d74595c4f1

SHA256
b95b14786614066cbfc6fed216dd30d86019d1db94959144f92422e977de345b

SHA512
c43efef4ba11aac8c81da0c5a1a5f9d7714ea28e4e11a4e94e2c9be829db9e5fffacd90cfe392c7c2c0e8340acb3d43813cec3615d0a46bd600e024d05427620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
10d710807119e2cbf9385dfcceccb9d4

SHA1
0435fb8935080d9921b2250295c88e418c1016a0

SHA256
2d848aa2c5ca4fcbda537f503263c7129abfdde8cd9faa0fc98717068a6b2475

SHA512
08aa59c341179b58644a4aca500902859a573e7a3eecdb2a400b6c80e5fccfe3b582ea63bcd7f67760cbe2f334279f85461066d1f196a741a569199b547c40ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
73cf8d85ca81da8b3d462bbea74b62a7

SHA1
c598f3f4b8145fb6163d4a4b41cdf2262538eac5

SHA256
61cc51cc0767a5126195e7e041e23bc0e90bc4f004869b7f4257670630a10b34

SHA512
97f820ca9e8fba064ac300061469990784f32776fc933573837ceabf9aad5318efb607e192d0ddca29c4100f909e38f9462a8ce24ae6d52af150d5cac5296ecd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
50c84121927ed91645b8f3f0674b3584

SHA1
56cb9ca840c701f3c9e163fc2ac2baebe5b591cb

SHA256
d158270dbcf4397cd408a6610c39c8a2bc3baad449c0ae9911b352efe70d56de

SHA512
46210dc8d66dde2f59b6f616f546d1a9429cbd421cb27f82925fb1a1dd8a05fdc2d13a16325f0a1ea803f7a0f4cc2788f03c933746c02700c3420fa0e7f38b56

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
e9cd502e8e0ef9c955e1b0e616b794b6

SHA1
93be9f23a2f726a9398e8c55d08d693fb8321c10

SHA256
335b7e20ba0fa36addbe97e74dcf97849bddd0e095dbebaa84d1db614d151f22

SHA512
879ca9f36c62777b593fc2d3b33cab2a3d4a5c4d62d58b78dd6e4c974b417e84b8b6d48befc99d4d9d646fb79ad22034c5b9f6c3b244c446bd8c550ef0d7b92a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
516ba4778ddef2c4230304e17d19739c

SHA1
c0880fcd77e4507475cc902a783d90858c815e2e

SHA256
580522fe7160cd9e47105633202ca425fce866530fc155030353478b1f457bb1

SHA512
5a282c2d71bd215cc2e0ecc42242df3c59707e11a71a621ec4fc039128a2c00af8e8b90f98267a9b8b201f84d005e93acb018ff10f8a035537d7092e9279b09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
1631b73eb97d1bf7e9651f1359b4f74e

SHA1
59a36999ca3031ce3e5d76c8ed6fbdadb5e178d3

SHA256
c9c526b2e38d7761f404dbb025d7f4cf8c10b697abcc1463f80ea4a9ec8cdb36

SHA512
b849e5ce07db4a86ecb7a05a7666dcd4ccf1a9d7cec403b827731ba925eb58bb601ceee468f7336e4fad0c850a488eb531f82a44fda677fa0fa507878ab082de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
fca91613299917da92f8819bb7bed42a

SHA1
7b6c62879eb67bbd24f8d9639fe5236c11b2634a

SHA256
e6170d9a18adabcf951cc53e7c075dce447ef237216cff18225726e483da715e

SHA512
977919f399957978b0ca00dabfbb34ad89909ed8cb6f5ead6c630fe4f1d7a6df945c4871ea16efaf64822ce9f0658cbf2da01a3237844556c61b6a2c0bab2b96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
ad8db2b624653e43728ed35b55b4340d

SHA1
3074f2b577360fe98d2e46b58cbd1f763f89efd6

SHA256
9317563c6dcfc7058e250a356180d0c210c150a222a292fe520b6c15e51f674c

SHA512
cc4a67e523d23e64b8ec01a0f86e62c337f4df3a5e968c8fa8baea8e82a2a4e2a7ce0b7ffdb7cac3d6b2366697a1bd84ff66a728d536520ed0a8d1770cf3fa53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
df23c3154222d6d67952c99a474f3d16

SHA1
cb25eb806fc2a01ee8c86897e04bf1681aa8f4e1

SHA256
9bf2f111388864cf81cbe8418db3acaf3e374ff0e913602872d449e65e73b2cd

SHA512
3dd0ce59d34ace34af767af7484bff97c372d0505aa6f6c627674cc4f22428047b5187508de62ef4e1e24bbc0e92ecb6067f7595861e5ebaee8dd58d44c10d34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
86d52ab65457ab84deb67bcf25ce223f

SHA1
4d10d200a6aec1419924726126a3ecc4ae922604

SHA256
9196a2001b0370738735b299cac42967908615399b132fd33e2f9b0706e05856

SHA512
b80def88406930881e223f3d4b0ec802b2581b3edc5d7c0e2d50619ba2bcf117c13377222a56d8d8e9925e65b75c510d28f36072c6959091418d0da15683b7fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
83a2dfd4f2cafcea10cddfa428be9280

SHA1
39072007cdd5e17f4bf24995dd0435a6791a55ce

SHA256
915b0ee1332988b2ba5a0c1065105b05a170a94fab8bd1f56ac2358caf75e28f

SHA512
bfc01104f4951e11b0912488b4817ffbe6f5b99066fed2ffcd852c8e851e6b95a2b50166b6b4d7044dc0be39c9a6fd5e026730799dfe8f030f962773bfc5d922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
378d8f7c53c44f50c783ae9c85708778

SHA1
8135526a998cb553f1647227979fb7f9770f9289

SHA256
acef726755cfa94acbc3348cb25ffd572499f90ab34b1cab49e24c21a44e7185

SHA512
c9a616984d44bebc2b484b8eb18c5d33478e54a8f92c4244ae3b92d641e4da4e0a900a6ed5bf23689cf0f99567958eb0b19c4c2c14fc25bd4a0c489ceec96b1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
0724004ef9d80c4bba4e1c8aea00ca89

SHA1
0c3633809fd595cb7fe333d3e5e3fc18a2f128b9

SHA256
d7fa350bf8e056a80e9a2d6aa9c43382746afbebae1f50e59422c62ffce1b1d9

SHA512
f3a9fcc04b2d4b97e5142a49b6bee6b5af6982ca269246130a9e989f9d9905ea6a49f702515f01d97a2cd1dd1791adaf491ce59c05a18dd399ae2165c1f2cb3f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
d1dedb32ec5af9ae941d777a4ef37e91

SHA1
031b8028a1194a4e8e65f0837a0f3ffe456456fb

SHA256
f92b64e82f0914c4588c7bdaf8093e1151a71a2bb7c14daa514010a293e82320

SHA512
0f73e8d919c6fc65d236637e6540340484b1c9dba70cfe1b0da1a7506f0ea1a48918e5bab9ab5ecf8cd0ed126f7948be8edf1c5cb34db42282e4b98ba8b4623d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
258KB

MD5
de3cf2d2461fe34ed2d8ffb806d85f9f

SHA1
25a0b64c6c63ac5d96b89e504a1f8001df260787

SHA256
829927a24667d6b07ea565ab3c01bc62021901c3aedb946685f815a77efa8ad3

SHA512
7ba17119b66ce941d1524a4a58a216540ce0df7c6984c4b59d8b65a05d835d24e7db9e04e68953994c8488606741a916d29fc4830a1ce1e8ea82f147fde57d21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
5ef69c8e5046a4a7785c05f331ddd450

SHA1
0cab23f3242c8e905091eda8a2c43b6ac9d80acb

SHA256
addca18cf400b7ab7ffd7b2d5ffe82d3a6542d30a8fb283f79d1cfaca338d557

SHA512
44f6098d175d5882c3b80ade8b62b330122c28eca3f041f8d93f4dbb979727637641086d208645d0f92a2249aa267c499d7b126e50832c4ec6f0a666b892c168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe596279.TMP

Filesize
93KB

MD5
e1f532d58742024ea1bab837ab50bce4

SHA1
d8b2eb8e03550d5534686dd60ab2a80f61b60e89

SHA256
aca7aaeb57156fd6d9a3cf9f6f59fd142b2aad1ec888b8a4fb271a633bad3ebb

SHA512
9398a69c107ccd840fea06c519e28b4e1596e2808b73ec76635ed80a17b2a1d6f84f583307f395e1113399e6a3e3b6ad9ee91a58535d35c6d1ff273985c2c49a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
192KB

MD5
dd1e60c031eaf78a238daedaccf82e49

SHA1
6d2310ecca5f052b9b666f1b3b60a5b18f5bed21

SHA256
8deb0c30b2a66b1a0945e218a6bc42372b27c25743a9512b10835fc0345922ce

SHA512
d52ab4193a9cd65c9881ca5c82fa52fc69aa2f9b593e7b2d6608a9403aba1f3f42f871e37d21097aa7ed30279dcf65dd3179536038a85184610f61430833e60d

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052031348212380.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052031369774720.dll

Filesize
4.4MB

MD5
3b4eec0eec592f684c8d433df158d1a0

SHA1
b9f97cafd8b4f9717f602b842aa6b7b371782575

SHA256
21de364546bebffbf89aedc04ab136a1a664e1939f540ac42b03dea651576ed4

SHA512
5ab3367f481e1fdf939c5a672bd4911fa934e0fd09db0f813706fc478dcd6e1d5c5eae1c09008e56c83ee9d52cdeee98ec79746af65c813af27176694a7152af

Download Submit
memory/208-56-0x00000000011D0000-0x0000000001791000-memory.dmp

Filesize
5.8MB

Download
memory/208-5-0x00000000011D0000-0x0000000001791000-memory.dmp

Filesize
5.8MB

Download
memory/2380-55-0x00000000011D0000-0x0000000001791000-memory.dmp

Filesize
5.8MB

Download
memory/2380-3-0x00000000011D0000-0x0000000001791000-memory.dmp

Filesize
5.8MB

Download
memory/4720-17-0x00000000011C0000-0x0000000001781000-memory.dmp

Filesize
5.8MB

Download
memory/4720-16-0x00000000011C0000-0x0000000001781000-memory.dmp

Filesize
5.8MB

Download