ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

Resubmissions

05/03/2024, 20:45

240305-zjqfasgh5w 8

05/03/2024, 20:41

05/03/2024, 20:40

05/03/2024, 20:37

05/03/2024, 20:34

05/03/2024, 20:31

05/03/2024, 20:27

Analysis

max time kernel
136s
max time network
143s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
05/03/2024, 20:37

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

b16754e31096ff084460514287187a29
SHA1

149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7
SHA256

ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750
SHA512

86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7
SSDEEP

98304:TWo5jp/vdcY8uC+gOhUL+byztZXlAuoVGmKeLEcjXXV9bA:TP59/VcYZCOW+bO+5Eo9c

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
752	OperaGXSetup.exe

Loads dropped DLL 3 IoCs

pid	Process
2208	OperaGXSetup.exe
4948	OperaGXSetup.exe
752	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2208-1-0x0000000000010000-0x00000000005D1000-memory.dmp	upx
behavioral1/memory/4948-7-0x0000000000010000-0x00000000005D1000-memory.dmp	upx
behavioral1/files/0x000600000001ac33-12.dat	upx
behavioral1/memory/752-16-0x0000000000FD0000-0x0000000001591000-memory.dmp	upx
behavioral1/memory/752-17-0x0000000000FD0000-0x0000000001591000-memory.dmp	upx
behavioral1/memory/2208-37-0x0000000000010000-0x00000000005D1000-memory.dmp	upx
behavioral1/memory/4948-38-0x0000000000010000-0x00000000005D1000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-682446400-748730298-2471801445-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4964	firefox.exe
Token: SeDebugPrivilege	4964	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
2208	OperaGXSetup.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe
4964	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2208 wrote to memory of 4948	2208	OperaGXSetup.exe	75
PID 2208 wrote to memory of 4948	2208	OperaGXSetup.exe	75
PID 2208 wrote to memory of 4948	2208	OperaGXSetup.exe	75
PID 2208 wrote to memory of 752	2208	OperaGXSetup.exe	76
PID 2208 wrote to memory of 752	2208	OperaGXSetup.exe	76
PID 2208 wrote to memory of 752	2208	OperaGXSetup.exe	76
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4908 wrote to memory of 4964	4908	firefox.exe	79
PID 4964 wrote to memory of 5004	4964	firefox.exe	80
PID 4964 wrote to memory of 5004	4964	firefox.exe	80
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81
PID 4964 wrote to memory of 656	4964	firefox.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2208
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x737661e4,0x737661f0,0x737661fc
  2⤵
  - Loads dropped DLL
  PID:4948
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:752
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
  2⤵
  PID:788
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\assistant_installer.exe" --version
  2⤵
  PID:6336
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x1084f48,0x1084f58,0x1084f64
    3⤵
    PID:6452

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4908
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.0.616994382\966413953" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe3baee6-0cde-43a6-953f-525c0985db92} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 1760 14f61cdd058 gpu
    3⤵
    PID:5004
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.1.448224440\1160858050" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7f42d17-b53d-4ff8-90a5-c9fd97f572cb} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 2116 14f6183f858 socket
    3⤵
    PID:656
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.2.1802250407\1992577016" -childID 1 -isForBrowser -prefsHandle 2876 -prefMapHandle 2712 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7939ea52-cb9a-4bc1-b25d-2a6964d2658f} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 2724 14f65fc6858 tab
    3⤵
    PID:3920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.3.1832449412\1151043395" -childID 2 -isForBrowser -prefsHandle 3468 -prefMapHandle 3464 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {8ba52417-25b2-4243-81f6-1239fbf21c3a} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 3472 14f4f862558 tab
    3⤵
    PID:3316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.4.1518830496\1361554571" -childID 3 -isForBrowser -prefsHandle 4212 -prefMapHandle 4208 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a7b0c0-aad9-48cc-a896-645ff4716fdb} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4224 14f671e1e58 tab
    3⤵
    PID:4388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.5.1558570222\158654701" -childID 4 -isForBrowser -prefsHandle 4856 -prefMapHandle 4852 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {57aa0067-86ac-455b-ba2e-443250b50380} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4864 14f4f866558 tab
    3⤵
    PID:1064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.6.632082563\1691168362" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5388738a-a39e-4534-bbfa-1aee721b40ef} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4840 14f67f6c658 tab
    3⤵
    PID:4140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.7.335869887\1265661946" -childID 6 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {de711abf-9c13-449d-9b86-f9088efc7a33} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 5176 14f6815a258 tab
    3⤵
    PID:5040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.8.859991377\670947087" -childID 7 -isForBrowser -prefsHandle 5588 -prefMapHandle 5552 -prefsLen 26641 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38459bcd-af3a-4f5d-891c-eb301411b301} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 2992 14f67490858 tab
    3⤵
    PID:3660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.9.1741320107\1173723679" -childID 8 -isForBrowser -prefsHandle 5992 -prefMapHandle 5916 -prefsLen 26816 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8be2b17-278b-4754-8f5a-343ccae03d61} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 5552 14f69537c58 tab
    3⤵
    PID:2112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.10.1452324913\647895024" -childID 9 -isForBrowser -prefsHandle 6320 -prefMapHandle 6376 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a2b532fe-6f31-46cd-a22c-d2466ef7a097} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 6340 14f6bfea658 tab
    3⤵
    PID:5540
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.11.44749681\1808274488" -childID 10 -isForBrowser -prefsHandle 5712 -prefMapHandle 6488 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2141370a-19ba-44a0-97a4-c48fb938cf8e} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 6508 14f6bd1eb58 tab
    3⤵
    PID:5984
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.12.683894963\2082279300" -childID 11 -isForBrowser -prefsHandle 10620 -prefMapHandle 10708 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b869440-9846-4813-97a5-94fca91d4788} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 10572 14f6d361158 tab
    3⤵
    PID:5604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.13.1646651321\932607015" -childID 12 -isForBrowser -prefsHandle 10260 -prefMapHandle 10580 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {63a943b1-a4fe-4819-bd0f-5ac38767f6cb} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 10272 14f6d734158 tab
    3⤵
    PID:5272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.14.330602041\156835010" -childID 13 -isForBrowser -prefsHandle 10124 -prefMapHandle 10120 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3622776d-ec09-4eda-8b8d-89941143f76f} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 10036 14f6d736e58 tab
    3⤵
    PID:5280
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.15.1744552908\1982563552" -childID 14 -isForBrowser -prefsHandle 9864 -prefMapHandle 9872 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9eb05ef-3391-417a-a66b-ca9bfb85d18c} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 9812 14f6e237058 tab
    3⤵
    PID:5912
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.16.1689597601\1310511732" -childID 15 -isForBrowser -prefsHandle 9672 -prefMapHandle 9668 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9e4997f-c554-4abb-814f-2482f8dc54b4} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 10132 14f6e236458 tab
    3⤵
    PID:5732
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.17.770619981\129265390" -childID 16 -isForBrowser -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e5cc096f-4d43-4d8c-8485-916687b293e1} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 5448 14f6e9e5158 tab
    3⤵
    PID:6576
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.18.1018971902\2061520599" -childID 17 -isForBrowser -prefsHandle 4912 -prefMapHandle 4900 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcd673bb-befe-42a7-816d-dccb8c280fd0} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 4924 14f6e9e4858 tab
    3⤵
    PID:6584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.19.302530816\1222509372" -childID 18 -isForBrowser -prefsHandle 9148 -prefMapHandle 3152 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {282662e1-d4ea-46a9-a340-e0e448aa7ff4} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 9156 14f6e9e5a58 tab
    3⤵
    PID:6592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.20.260286294\1559302525" -childID 19 -isForBrowser -prefsHandle 8992 -prefMapHandle 8996 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {37851b3b-0f49-488b-965b-6a4c891b2d8f} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 8984 14f61fbd258 tab
    3⤵
    PID:7028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.21.2049784453\899136594" -childID 20 -isForBrowser -prefsHandle 8932 -prefMapHandle 9032 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0133687-6b80-42a1-b748-5307863e8a5d} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 9448 14f6e1bf858 tab
    3⤵
    PID:5268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.22.2037542539\284152559" -childID 21 -isForBrowser -prefsHandle 9448 -prefMapHandle 4940 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {01e86e83-d6ab-4e6c-99f4-ec849a53e1c5} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 8716 14f6f0bbc58 tab
    3⤵
    PID:2092
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.23.578749404\1215837186" -childID 22 -isForBrowser -prefsHandle 4976 -prefMapHandle 10364 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a832ab9-32bb-41cf-a4c0-ed26508cb6b1} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 8700 14f6d908458 tab
    3⤵
    PID:6884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.24.2083368504\540446664" -childID 23 -isForBrowser -prefsHandle 8860 -prefMapHandle 8844 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70c73b7-fa99-4dbb-9f3d-10a19779c88c} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 8872 14f6bd68f58 tab
    3⤵
    PID:592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4964.25.462879802\918202720" -childID 24 -isForBrowser -prefsHandle 9024 -prefMapHandle 8880 -prefsLen 27081 -prefMapSize 233444 -jsInitHandle 1244 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b8602b90-0f09-4f47-b393-e9588e016cae} 4964 "\\.\pipe\gecko-crash-server-pipe.4964" 9452 14f6bd95b58 tab
    3⤵
    PID:304

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\10894

Filesize
9KB

MD5
b5622016bf258364b3587c4173a6709e

SHA1
4baf4338bd24a4526bb14a50dd096b93916b2fb0

SHA256
95c8048f6ae0a9160f4450082cda1ffd5dcceacf7e84ac7720ac764f1bfe486e

SHA512
860cfaf977041ce58e17147f377a55a7dbb2986c7c6ba08c6f8f854a18ba1a59345cbe5280cb2bcde00b7445afe5250b81eaa4e06d2dfc941fe5c15ce05ddf0b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\15731

Filesize
9KB

MD5
bc919e331a548d798e507fe72ee9dcac

SHA1
e59bee179c3ec56b517ba394215b37aa86717878

SHA256
579383fedd1a5618aa26ba8a65c8815a6585d0ce3bbce0f817b03089dbb4a8bf

SHA512
32961a5679bbbd89921a9e1565551194669542af4d84d06d131986b90ce428a676a96f89a7130b8c9a1d6d966ab2c327e8bb75578e411007a8a16081438b042f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\24931

Filesize
8KB

MD5
0cac7e5c25576793776abd7cd7a0615a

SHA1
fd4c85cc7c74fd6ac78adff19125c05e9ac9cfc7

SHA256
107cf141385147ca977cff441fcd63006106fca459226dcf38c8e68bf9d7ce83

SHA512
37c8a469ae793f2da31fb96e7bd601c8aebab0aa5b415dd7c0341b5222823f402742befa2c9cf11fb3cb45e1d608d17b9ac5f7d29302658b5dfaca99d58abb83

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\27366

Filesize
8KB

MD5
95080a69f3dff3c0b78da80790147b1f

SHA1
6dc6e30ee7feea416e178ee654a99f5388132905

SHA256
01a9bfe38adeda63483448b5732c294adb2d13c74731b7c94418878b151931f5

SHA512
966be7224949e3b2516a188342b6099d3ca24a8317ac90ffcfc9364775a112fcdf696c782afe33f15613e29c6b3532568fbf8f855ff421fd9af805ee7ceb8c12

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\29386

Filesize
8KB

MD5
9917de894216990377d1bce0500c7439

SHA1
7711e81b8792f82e23f1532535031fb9dca7ff28

SHA256
470d4ff9a494242a267fb67315179e6754e3fd7bc079acdc042b5aca9ca166e6

SHA512
6c43381ff0bdf55aa06229765a8b2e5cf7f8e246cefc0f3981d2dcac26bc13d67f0a4428a3e4b66f0e5247d43c1fd26c29ea4a6aad070d3161d75651c6ff18df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\29587

Filesize
8KB

MD5
8754173719f6f7d32a93d74dbf485b60

SHA1
2214a1e8aeef93547b9e95abccba9e38608d8380

SHA256
31fd14f6f4c1e86ab5875cc4b39b35bd5a72087c91788352a258e926a331744c

SHA512
21d2756e44436a6faef915e77f0e2faed92c1f50064a2df6e3fe3cd7af76889bd2a5556ed6c1a2ff9b998f6897bb8429d8ab7b41ae703633acaac4a6661f8f78

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\3364

Filesize
8KB

MD5
86d93a4acf7ecbf77900393c32de94d3

SHA1
d097c278aef6edd4c7016e253b0cfdd0ca3c28be

SHA256
d1eab1ee2fb9ef8001d662fb7cec6288e489dd0fab10b0616867cddf80cfa5f4

SHA512
a6586dc81ff7689a85d7d2ba577c4212949536ec00d50126b5d0e196f050f30e3b85534f57ec147051bd984a8b1f2165886b122751d10d0a4099e7c1af4f4575

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\3979

Filesize
8KB

MD5
15b3651a85ff1a05de21bc7719bf24a1

SHA1
ee11d185abdaf917f245b790724f85846a11b3bc

SHA256
af9b8c59b5ee11b25ac866598dd22117088a6027fa897ab1ec816eb374f367fe

SHA512
9915105494c4fcd1be5a811c7f3a0f4e6980c76b6648275a7bfde37ecc847bd71e33c3d69f136ce28f68fc3c6bce7fc48bc56f04985a2e51ac827dc6e085a569

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\5822

Filesize
9KB

MD5
6a9b6b394ab9dd4876e3303d639f0a1c

SHA1
e5d32a7f47cbb98804e01157894db4452158b93b

SHA256
f58bf214c77c41c156292ce1a87544e188655a04e9014cc7c79c6803e1437bec

SHA512
ed03e4d6951fd44c4392558443f7dcdace57bbbe28361771d79e346d1e8906e6bfc381a830939ce34e5af6d5d8283ab2a9865d706044950cc78ee582a9e2ba09

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\doomed\9088

Filesize
9KB

MD5
549d7e3ab1705b8ae5392057e6ca4ce2

SHA1
7ad015058e7fba1c9a43abdc5bd46d82d79da6de

SHA256
fbc5ac338235ed3c70108815fa8f52eb643a3345b5152b1f4d2d043861b6c6b5

SHA512
77f972d4455cbbdd76126d5a4b640c15d796f56a7341cd013d4825172c025d3a80dfb60a219b9013d9158ff6607ba85331fc36e44bace9fa994cdde109bc5fa1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0CD3EF0014ACFB37F6F7D095E5DEF6C123180655

Filesize
108KB

MD5
07ea17b166cbf619f90df5b66ffe4cba

SHA1
720d4c85ec640b9e1eadfc75b764ba71e5aa61b2

SHA256
a5042954e13eaec3c0ae0cc3d6fe898dbe3c8d355a291d47a90ac6fc27fbc4f3

SHA512
5b2948b96f876bbeb69a0acd817fea39622954c4ab43885c8f77bf07e727d3cf8597e5e3501a4db820e8062ce7762ddaefb92fb1bb158bd0d6dda6581a3246c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\0E047E3BAED4ED2768FB8C17D7198594B761A201

Filesize
766KB

MD5
bc6546857a0d4afbf716b4ecf21c517a

SHA1
fae01e2f042424e9cd1f5779f59725ac9dce3270

SHA256
58d97ed22021f5f9d3599cc69885ef188beb0585107117f3ca30912ab885c4d4

SHA512
04e47b5f2c16b9374333fd61d24c127142ae2a145378524ddf224d41fd965e32c83755c1e12edb1f39c7d3b2e9b24b88dc6670ba594708d86b1a2ab4bea03b0d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\2783762F9D6E356D975F2CC723F640EEE586F4F9

Filesize
215KB

MD5
a1670546048ddec7a9e711d61cc02eab

SHA1
ffe7ada7bb115dd807cc20094c1cb0f02dd75b61

SHA256
aa4c9cb23b3f6997b7ba1ba0530fcdefe57c02c5f818eb85d1707f4cb0a764b1

SHA512
8950a4b51dd73d60380ba5c6bdd4eaf3a429569d2fd1608aaf8bbdbcfc98cadaa30a2f8a6e343b79bbb518badbb5807923ff04e235dcd21ece8d0337854c402f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\39172F2924E6689A994995A9C4E51BECDC2078DD

Filesize
24KB

MD5
e21bd87f7c8c97afc2145c3e93e7588d

SHA1
e137660cff665aab175446a5aed7ea05b771bb89

SHA256
a4844cc43cf1de7e404f2a8ebda43173c8d872c0425ba4df79cf2828c01af97e

SHA512
ff275fe951fef629969a7cae36a685f13c2ecba0396115af3403d1de7002ffd3bff60549838ea016fed0f952942ff5685c171b016c88b12c0b6f49e64fa62130

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\3A37EED3D1E6B3845C02BF0570CEDAEFF93A93F5

Filesize
71KB

MD5
2c3a50ab97d252ca33aa467d4e2f8881

SHA1
8b504c3f8430012932548a7b5cb8172ec4e04460

SHA256
82c6879ab67fed86b256ba130882ee8256cc308236dbefdf672c5ced4c459164

SHA512
74fb24e0f4038744a71f97753fcc6c1bde2b3dcd8bafd2179e3e36383ce80156d738ef93d0dc1676b2bea260e8f93aae1a31647cba1ef7196b9d0291d19eb1a3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\532ADB763AFA0EC30767E4ED3ED65610448A0B99

Filesize
204KB

MD5
104ce57cbd0ab54b0881639e4e12baff

SHA1
9b858ea938bb6367a84c2d100b45839be4418f17

SHA256
ffdfc4fc8e36796ccfd0ad5ce96ef45d8af054be18021275e2f42ef925aa1ad8

SHA512
44c486cc59b7e638e4f41322c1c8c8721f151f5ec5b4579c494ef61dd1b42a58bf8a694eff7e272d4e0a84b541e1b3155646e02b9534ece21c9b2541c6296e9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\6FCC6A310729FB168D0054DE69F152B6F29C83B0

Filesize
352KB

MD5
a1f07516b2e24bebc192d889e3794564

SHA1
30212b906c846ab8e201ac069a0e6416791dd7e6

SHA256
9e73ce025168b9ba74f37e5c929fd44e7831758be6aec7114f6bff507aa7f9e6

SHA512
71aed4b6148a8ac3c6ac52de3cb1bc84117f63cb7805aab692f9927314e23e08db9c4e6b3db29188030964d0733416bf8d21038ec2277f2d6f72f33ec8a87de1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8343CF9850B69D1579C3D0B4AEFAC2233B65F197

Filesize
203KB

MD5
d8f34a0be0417e8664e9f5d7f57784ef

SHA1
ae9b939886deca3fd4e4be67a96c690defbf7843

SHA256
1064ec03371c97cb615d030144c1a1059aa74a54b3bcfb66d414a3e6ccb94791

SHA512
fe959e5ba3383ec3ccd10db1c13bbcb73fdf6b60e722bacc802ca467e39cc7346300b61efd122b04a99e3f2b3f73999d20c7e720f111a5f0a297c77adc5b2e16

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8645479C017FFE4B14D2C6C54A8AD7D0745FA6D8

Filesize
288KB

MD5
431be4cc4675792d6e589fa393ec4542

SHA1
b20f585488000cf8e935a1abe11af289098550f3

SHA256
11840b0201f2cd7ad177819be77eda0ed1949144b294007b0ae4302220302afb

SHA512
1de1dafb4bfa9fe40e94f4f1db7b7ce0e01a92ff1f3c102ae34e08a2786fa1fbade33063ef9790abe12abbb01ab8b36d692695b09b17f7e4824903a1a9e1ac22

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8C2ABC9F1F68706D1EAA1737C953FD4ABAB3CC70

Filesize
136KB

MD5
0d87ac0227fb1c875987ba13c1fd709c

SHA1
4e96e4425128e572ad61f6f7630384a76962fbd7

SHA256
83f718251dd9de782bea8f7e5f166b2f4c9a1a1ffdc101dc956d36954326d754

SHA512
04bd17eace509622ec5f3da54cff6c145e74a805387f39719964b7c009478e5fba3085826ef86a1571723263ab07794e2627950fd64167ad32f02b5ce3d190e0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8CB2DCBB5E22542599EBB4CE702646482368B2FE

Filesize
209KB

MD5
b302cc5bad40d94cc2248dde7c32acd1

SHA1
b908aa20e909d4f026bd605c19e3e55564c36fa5

SHA256
2e2b540242d43daa11352866bf66fd5dcdea2af64b79c5039203316ee152eba8

SHA512
85b4e2f79931aa379fb5474a7e87dbf166347e6a291ca1192128e31dbfb8b62c4669bdb0709969b30bd63e9a5492a61875621733735fad6ddea1f4f865eaba9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\8FC4C0D299912910234A61FD83BAF07F442014B9

Filesize
21KB

MD5
967a9d08bc10c75aee8438bb45b07219

SHA1
4f62b9166513fb4ccc0d7b3723c44143034892b1

SHA256
027cf4f139a8a0ddc330f2379045f8146442fe82ec57566bf0c0973479b19e3d

SHA512
30a23c2ffa01f10ab46afb4697e9684a0a40be5ac7df31fd62410e2c8ff735f594e837e8889cbe33e4eeb290822cb02fdbb2e37b299faf9a2e15bee60e33f792

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\9DEE331607C5BDA0A597CD73D4FD8662748D3DA9

Filesize
91KB

MD5
a8d5f7c26882edab3caa8011960ff688

SHA1
05e4da690c2654c116f29ce2baf3277b1225517b

SHA256
3dd5152b726e6948ff9168477c2e67574d68f039566567db86188f31656d6759

SHA512
6441da86d55234983008922253f438b47a8dfb51d50ee826a2860cc481350c0140c356354b8f59900cec7bcb65825edffe8b379919c7a36733c6914d03f6cb77

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\A9C70C7D462BBD422B240B9D00A967F456DA496E

Filesize
77KB

MD5
4701ae7a922c2d86530d4b8ad2de2e3d

SHA1
db298cf6e9729799a776d40bc3dcb473ac4b189b

SHA256
93a8ccf97725f5065c69a7ff4917bd1dd32b18b9b1e61a4e3d45e1f073c10b31

SHA512
2446dc82c119452837245aa0244d69a195e9d781679d4c565433b25bd819949ad8711e045da62a7549a8bb401a6921ccbf5f3942d7d4256ce39e39217c02a3b8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\BFF457FA9B5F4D52CC40F295ECC662C46FD3FC84

Filesize
29KB

MD5
ec1af66ec2a29927428fce7fc47bd6b0

SHA1
8bd75302cafbe0c58a57084c218172db20054bc0

SHA256
75ab5ac15d7d8d2c0a7fba6b91440a567a6eff3a66cbd2fc767b00e8cb56c48a

SHA512
3b3b0b106a16e08ddca414c48c08de6de2e94d85db7c09e8ee6f38eabf2fb85930494887193479de0dae2ad8bc4f94d3bdec1b4a9d0612b988ed6ee3efacaee7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\C496DD061B48F566CF0A0B7FF0CBE83542A912CE

Filesize
123KB

MD5
343c16bc34fc22f459c2aa7ef28d10f2

SHA1
a6305627206831b2743e8897940a4bccdc099bab

SHA256
b53ef918833d60db85f38ec7f2bb9bfb63e64db8052ac5e7ab59b8f9f44dfb34

SHA512
0f8a32da63f19305ebc8e6d062c2be4a8ff2bd621293560545955c4a40bbdc0136f8a566653a621bb5deff27b92812846c04ad233f6488c958807dbb9810035b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E3E972BC80411F014F2BF82F4089A35F1FD8EFFC

Filesize
119KB

MD5
cc2553727f03531d57bdaf032e03aa1c

SHA1
f643820304a8662620521964a829c4a1d300caf6

SHA256
beb2fed2981df24293c0e7fa55ca9e83755d14b5fc08d57bd141369416ee0803

SHA512
bbd791082f2431ec7afbb342dad47aed324f05ea129cef1098b93a9e7f0b4869199293e3f9a081a3b91cda3a9ed2b9f986bab0dca1dcfeb883b9724bddebbf0c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E621CCA363A519328303C892922A995325D3B186

Filesize
15KB

MD5
12b248ac47db88952765390a754709fe

SHA1
6462a108a12d57aa1f8bf44fdb12ffd306e11d0f

SHA256
a20c9a18c8bc692820a82647b27e4a9ea8b700ceed882d3ade6939268cba9a3c

SHA512
00988d6b156d0f2384a221845d06431ea3a45012a5767ca18c47bac70b0f5d7a8c38e63b38bf2325f4bd46b568a66d69791218c942eae27beffca79f3c5a0222

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\E8AAE3014072AF9B01C77462B20E7D0F99FE255C

Filesize
75KB

MD5
205b1a9e0ba0bba74a9af2768901c929

SHA1
535a062a9f70d0880eb8b3a1b0eb5765298659db

SHA256
a225fe9b1f445f117ebf0af22548fb727353dbad1d5ca31523ad882ae2ece7e4

SHA512
576ff1e7c01cf3d81f18bf69454545d0f1a8cc0f39b22fe7f17e1734a7955aa40a55750d7529bba42389cd639d2badf43d321e25bbe63b4541eae363de3f98c6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vxeeit4v.default-release\cache2\entries\F0409FE999744B56C7F86703BAF3058C9146702E

Filesize
66KB

MD5
5395b8628260eb01dee5bcc4548b4b68

SHA1
812419d0783e8fac4c79727128bfb235b1049bc0

SHA256
f209715f1c1f4ddf776a3d2bb79cfa2646170be29f4e93114470e30c4b3f817a

SHA512
dfd490079f6b45408616b2a6aceeb8a432008680a313f0e54123a8bc01933bf87cd2551f329901155ba62d02527c55e114d7f750ce1a67a4572ff99131df490d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
3.4MB

MD5
b16754e31096ff084460514287187a29

SHA1
149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7

SHA256
ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

SHA512
86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052038111\opera_package

Filesize
69.4MB

MD5
f4ce397ddde8b1fc0064316f43c6e369

SHA1
9c2b557052ff4ff2d1675a2842304115a38651d2

SHA256
a7d39cf333ad852fc8a8633144a7630b27966f6c24e99f6b69a2504bca43d76b

SHA512
891dfb29ae75878c4ff1aa38e16137df78cf3c835763cdafd42a01f9e9afb061a133741a1489cf33413b8f4328e56e6e105daffdc31fba3f7f2b5de2cde15212

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
69623a63197c4406d65a87fe90909986

SHA1
4b7d16c51482f82c239e1756f0ee1117ea25b8b2

SHA256
a4e073a9dc9e279269d2f1a3486f7886859723ec7df44af03d80113fb2a0f9e8

SHA512
0be4ef15038104501f9af631f4901e32b62017f369cc29887b1ba3021809986164ccd50148d839898cee5064b513e45ef08f9a15234f3d9463aee028c4508359

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
28d7fa55f79d14d0f64dd2d5abc93c07

SHA1
3bbebf0d24b90d9a6dd230fa9fc38711932b469c

SHA256
eaa2089ebf752924288f5ba54db3592a8d9462fdfd1791ef30c29f158c487c41

SHA512
b96abbfb1dc6576178d68e56726f385211e9827dc6e18eb1b87e718a9122282cb206463021fe54c3ffcb47e541110ad553e3c6c47b94ce708f61f04859b4c12d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\0a417a56-fd6e-43e6-9fd7-e5973ef16d07

Filesize
746B

MD5
2120ec73f41fcaa8cffafadbf02034b5

SHA1
76b2aaaae31c5e37953f98743860d70955b6715f

SHA256
d87070991bbe3caebef18a716c2cbff71c3cdb2bbee502553fbdf85fc3f8c7f8

SHA512
0a0a73771f86e8b69e380b71c39db77a871e9079d9783a9825e307dd37b0a500e1a4d8046a81a6f28d8f19c807aa4207613df3c5646b803b7e6e1b3fed190869

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\datareporting\glean\pending_pings\be88c6d5-ea57-4246-8908-960082fe2914

Filesize
9KB

MD5
44f62a4ce11945d405462d2411a0672c

SHA1
0b8f7a8b66c9696127ec251490a1d2c19058c0de

SHA256
c685216666688d672cbbcc62cffb56a5cacb1804b8749557b45c6927df8d937e

SHA512
82a801c2f45e53d9bf7fd5fbd3496129049bf8c3f5b6187b03c54a095ccaca49f8e695bf55dd1281f098ef91950c7e0d2bb4e811aa1a0468755a2b26089cd680

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
6KB

MD5
0603be4592b3adf735e6dac0d06b684f

SHA1
5eb2e00819338228ad2e7927930d4ee4489859c7

SHA256
ebf29b6c53f19760d2ada6caa49784535075670b6875c088f7872397c1362947

SHA512
3de49c8000bd8d10101be694cfba3a0b66654ff434d7aaafc1e7346ad021f0f5e11d9a8d543424ee914b0b4111b55da6d27b23bb2b472e21ae01c195e29d9111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs-1.js

Filesize
7KB

MD5
5bef75239459e240a567e0fcca708771

SHA1
7f8e7c16b0cbf63a509d66e547c0926779f86de0

SHA256
12f8f92411768afb4473b2d1e764c8743094412fd3cc1ed0fb56bba396239f98

SHA512
50fe727703436c21e6614e96da7b1f1b277a0b813eb8d4c9468ccc69987648dd5963ce725daaff822868815ac27ca39bbc377c0c642f34a14d4d0bc3a35a05cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
af20f9f275a69826bf035ee389da7922

SHA1
fa933b731f18ac9eb2bfe9c9498ca06ede075b67

SHA256
400739777d76422478a100f1b35d64a38b020123863dcbf6e65f3800deeb7e51

SHA512
2efe60af7ef4e9019d1a81dddb6e079ad4008680ffe5def9b63f07e615f1bf2e44013e27ac97c34a60340d610f2a624ad749310191411e138ecdc4cb90f881f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
dae980aedb0dd1065c55cf6746e54b7d

SHA1
dc509a8e2335012a398caa90a34a3370888de366

SHA256
b12c4e1d6992800f213ae45044be117fc2350d36e1307a3973d0b4c0e36a2a70

SHA512
c2ff8e142a2ee0c60788d68dc36c21ded910393068bcca5ef93b3fb1f19a07fa26b1819d590d6e1b89b99777c7be923dec7de2837fcf464112a18f5018199f9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
69569b0df3215a2dd9d8a87c4dbe5f5e

SHA1
c9cb4dd9af29759a50173d6b983f02fee204d93c

SHA256
07228f6231bc5633c40f53097565d5fd051b1474b4100521295fb528ffc40d86

SHA512
7ce9290fec92344821a5313179a6ebe15a1127a01237d812663dbcf1c4275f5d9caa55afe430d7c58847e7990b259671e45b5085a1386c6e318168b433fcee6c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\prefs.js

Filesize
6KB

MD5
c6e80e4644cc9aff8eac746c851f6768

SHA1
2af7c0b756656a2c1401c938e930e72b2e59f14f

SHA256
74300bb0c1dc49efebe13675fe0960724b88fd0a888ef698a8ae530158012a9c

SHA512
1b840391a90cf3e9987e566118d904df2b21dd7e9352cea9ba62134448a0fb5adee0770bd80dc902b9ef4394b94231d3aa38fb7dfc93a431c925b4bbecbb9e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
c01c40b1afed6ac7db4abc1fd9c05cd7

SHA1
84cfb66763474c2aea859da976db7c9e009d791e

SHA256
111d6548e6ebab1530fe57d972e16514339f53c285575bdbdadbb4b038351304

SHA512
b95f41e05d838062e6864f3cf76deb6a38246e364644dd371df508f3116f1302860ba00a5d28de576f3f0d7e0e1285c74f0673b496fdb1c25cd31251d984a2c9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
3b17ab614e14eedad28e5cf36ab6f5c5

SHA1
87ba4e66895ade1a3e4b6c825da6ab2424bc9042

SHA256
841df6528ca8d8c8b4742f7a65546742e7c26331a1c76235d974d49c6f863497

SHA512
702c8b42ba4ee0bd5c12ec96403fea3940766fdc61fc4c58b771c9cd35a735f2a052b9b96352ae8955cf2f06997e97470f4d3913918910db152e39de3767a3da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
b71b83f067e739a2edd157097ce0b016

SHA1
1432a5d988461cf54b3251eff9244398fbf84b03

SHA256
eb3840f094af6cc8561cb3f7ceb6d386306beec531bf5a426ec328edd7120de5

SHA512
f472aa37eac9983d1cd0dae2f9906ccfece28874db1fd2028051d25668480d1b5cd587ec9709476fa983f61edfca940bf42d60c5953137b9e9cb54a2ab0621b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
6a5383628a067fcc4d77299320a8a56a

SHA1
6344bfbce1bc3c678a93c0eb72d56ebc74086409

SHA256
c058cca09176602d8cbe6d73acf85a66e321196fbb9eb9990efd8adf664f603b

SHA512
a2fb6432aac342cf41ace7291335c3b99da50edc3efe558303e2a5df7c4a53f1f996d5349e81aec34cd87f5ff71968073ee196d4fc1b243accc8e17a02ad8e1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
14a1c51798540f1dd15557908ec34998

SHA1
5f12004d95e448694020bcbde7f74363e00101ff

SHA256
ab70e3121c86da1d0d851f23a7f509110fd5f55e97ad13b3702df71028ce3f2e

SHA512
d168bf04eec29d5e21c23880e7b5dd73beff89f802a893c804af02ba06f73c1a98f46c91bb3a8445fe7d75e3f523fd20720afcd601f26d107bdd0144b7231329

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
dada1882609da6dc2119b7dab8aed6c1

SHA1
2059e8b179bf1626b3c0f41cdacced8d9e11a245

SHA256
ab9f87514234af6cf4398409031c7d8ee72e469a4c5275e0d25eccca0105a027

SHA512
91820fc7456c9df1d925b2313106a3f4d9a4bc68c416f0ffcd469bdb6c6797e1b5fbcc033f84fb182dbe785bb384ca6856d634cf50218f6263fc55f19797ade4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
b9a8343b5cf877c9fb4143ac988c6cc7

SHA1
3143a9c7d35175434a4647f72f84992878e97513

SHA256
c55e98e1e9129d0e0b9f4d43a36cc420de1e81b8229d028668715882326b29c7

SHA512
4ddc11bc3cb54c8ad875ec203422f5b31eb0c54225d836168c0ac6d6e2d937eddcdbb826e179127e5b04a6c4ad8295a53e0cebf886556258f1e450b172cca639

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
109a55c0a43face533aff57a188e77ec

SHA1
14a7f84de2db4ddf0a887319753a60ebab2fa868

SHA256
d40ed3485b1695247d4803f742aa92399bc5b9b787c88b8a4f17d52a3371f617

SHA512
18a08e2bcd042109fcca79f30d49fc542313646b09f916405b28df2b4fa0c34aa4c4833498efff97bd1e926504ca9d475029769118989ee201b37cc6e9b6b278

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\storage\default\https+++www.facebook.com\ls\usage

Filesize
12B

MD5
1aa6238c49a38068f9149feb44a2db0b

SHA1
035372ad84af747c9f2d19ccddc50a48f24611a7

SHA256
f0b29179dee8c1b28d0b9ffd1496c99b3f504269078f2eda57c1c45ce7a50fc6

SHA512
a025ad2e905abc3b55be132eff86a7f657fce4ccac3c631589bac4b7736fb117fc61fadc1e9a611b960ec05017c3d0f800ca2adad7b1fe5007be97d9866323b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vxeeit4v.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
44466df2595cbb9c8fb6549c71b3b84e

SHA1
8b1573a2b712c7e9c69b3566fe5901a48d7fffab

SHA256
3433a3b370f61235dc49fa3a3a76a1119c70ff5e9b683b85164abd8c4a4eeb6e

SHA512
49821d684c89489e3c4f0344e69b41e9b3f07ffc8693cb6b51db4965b58d0ab586075666e42236085cd5f5d6dde713ed1d0408ed9c459bd4f30a52209f21a61b

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052038102432208.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2403052038107534948.dll

Filesize
3.3MB

MD5
b0a8b75690dbd04235917919273bef56

SHA1
b57bb0fb1ac260d9c7973999490b47df9c141d5a

SHA256
1964ffdd7ca2f3503353c33a4e18fcd4e93fdba8929b189e0a20ac663c73d314

SHA512
29e31579c3db9d9928e121877f4da04c5c93ad3c0684b27b97912ff1994c1a61229a0bb137519b90b5b0b0a2c8c11ef1db05e4721ee017153862d1b13dddc727

Download Submit
memory/752-16-0x0000000000FD0000-0x0000000001591000-memory.dmp

Filesize
5.8MB

Download
memory/752-17-0x0000000000FD0000-0x0000000001591000-memory.dmp

Filesize
5.8MB

Download
memory/2208-37-0x0000000000010000-0x00000000005D1000-memory.dmp

Filesize
5.8MB

Download
memory/2208-1-0x0000000000010000-0x00000000005D1000-memory.dmp

Filesize
5.8MB

Download
memory/4948-7-0x0000000000010000-0x00000000005D1000-memory.dmp

Filesize
5.8MB

Download
memory/4948-38-0x0000000000010000-0x00000000005D1000-memory.dmp

Filesize
5.8MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads