ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750

Resubmissions

05/03/2024, 20:45

240305-zjqfasgh5w 8

05/03/2024, 20:41

05/03/2024, 20:40

05/03/2024, 20:37

05/03/2024, 20:34

05/03/2024, 20:31

05/03/2024, 20:27

Analysis

max time kernel
148s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/03/2024, 20:41

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

b16754e31096ff084460514287187a29
SHA1

149d9d7bc7bfa0ee218e55eb3778ea3cf6184dc7
SHA256

ada1f60b55545c1f8a59fd28d2a5fd37d9655e9f059857121e1d493fada33750
SHA512

86fad8a6ee5660aac5a0fa172d6094585793cc6b86996941211292a9e91fc2571c8fa807a3021561909c841491400991f152f18c8e1d247c663ff600643224f7
SSDEEP

98304:TWo5jp/vdcY8uC+gOhUL+byztZXlAuoVGmKeLEcjXXV9bA:TP59/VcYZCOW+bO+5Eo9c

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
4792	OperaGXSetup.exe
6088	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5580	assistant_installer.exe
2088	assistant_installer.exe

Loads dropped DLL 3 IoCs

pid	Process
3176	OperaGXSetup.exe
1268	OperaGXSetup.exe
4792	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/3176-0-0x0000000000050000-0x0000000000611000-memory.dmp	upx
behavioral1/memory/1268-7-0x0000000000050000-0x0000000000611000-memory.dmp	upx
behavioral1/files/0x0007000000023241-12.dat	upx
behavioral1/memory/4792-17-0x0000000000CB0000-0x0000000001271000-memory.dmp	upx
behavioral1/memory/4792-18-0x0000000000CB0000-0x0000000001271000-memory.dmp	upx
behavioral1/memory/3176-133-0x0000000000050000-0x0000000000611000-memory.dmp	upx
behavioral1/memory/1268-134-0x0000000000050000-0x0000000000611000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3270530367-132075249-2153716227-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3552	firefox.exe
Token: SeDebugPrivilege	3552	firefox.exe
Token: SeDebugPrivilege	3552	firefox.exe
Token: SeDebugPrivilege	3552	firefox.exe
Token: SeDebugPrivilege	3552	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
3176	OperaGXSetup.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe
3552	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3176 wrote to memory of 1268	3176	OperaGXSetup.exe	90
PID 3176 wrote to memory of 1268	3176	OperaGXSetup.exe	90
PID 3176 wrote to memory of 1268	3176	OperaGXSetup.exe	90
PID 3176 wrote to memory of 4792	3176	OperaGXSetup.exe	92
PID 3176 wrote to memory of 4792	3176	OperaGXSetup.exe	92
PID 3176 wrote to memory of 4792	3176	OperaGXSetup.exe	92
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 952 wrote to memory of 3552	952	firefox.exe	95
PID 3552 wrote to memory of 2440	3552	firefox.exe	96
PID 3552 wrote to memory of 2440	3552	firefox.exe	96
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97
PID 3552 wrote to memory of 1968	3552	firefox.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3176
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=107.0.5045.37 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x757861e4,0x757861f0,0x757861fc
  2⤵
  - Loads dropped DLL
  PID:1268
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4792
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:6088
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  PID:5580
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x3a4f48,0x3a4f58,0x3a4f64
    3⤵
    - Executes dropped EXE
    PID:2088

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:952
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.0.1565837064\1084723936" -parentBuildID 20221007134813 -prefsHandle 1800 -prefMapHandle 1792 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad5e758f-ce65-44a1-a535-26b49224ebe4} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 1892 1ff73909758 gpu
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.1.2074451471\640252157" -parentBuildID 20221007134813 -prefsHandle 2312 -prefMapHandle 2308 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02ed5062-1455-4088-9a18-eb0b5264d1cf} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 2324 1ff72246a58 socket
    3⤵
    PID:1968
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.2.184993359\1401696316" -childID 1 -isForBrowser -prefsHandle 2944 -prefMapHandle 3044 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bb35ed06-6f16-412e-a83b-41a621ca6860} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 3140 1ff7689da58 tab
    3⤵
    PID:4856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.3.1758181312\1005952347" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3540 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ee3e461-b66e-4e62-8299-1faf5e0f2f0e} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 3552 1ff65e61058 tab
    3⤵
    PID:4076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.4.1659518867\913316548" -childID 3 -isForBrowser -prefsHandle 4644 -prefMapHandle 4640 -prefsLen 26125 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35c22c2d-e117-45ce-afa0-10487e6e5620} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 4656 1ff78886158 tab
    3⤵
    PID:3528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.5.1941590755\610277425" -childID 4 -isForBrowser -prefsHandle 2768 -prefMapHandle 5220 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {829a1cbc-1794-490a-a7d5-b57ae408fa11} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5248 1ff7990f558 tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.6.674212475\1366437455" -childID 5 -isForBrowser -prefsHandle 5252 -prefMapHandle 5232 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2c198253-0d8d-4e88-815b-756cbba9cba1} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5272 1ff7990dd58 tab
    3⤵
    PID:2544
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.7.319943018\830496977" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5272 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa57c5c8-055a-4b9b-a793-e7894bf670be} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5484 1ff7990fb58 tab
    3⤵
    PID:3668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.8.1769569584\1380852258" -childID 7 -isForBrowser -prefsHandle 5024 -prefMapHandle 5020 -prefsLen 26863 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e7506f48-6bda-4e3d-aa09-faf227159073} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 3828 1ff78885258 tab
    3⤵
    PID:6008
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.9.764539543\2139729695" -childID 8 -isForBrowser -prefsHandle 6256 -prefMapHandle 1604 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {565fef24-7630-4e72-9736-a7dfacc2f866} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 6228 1ff7c4dd858 tab
    3⤵
    PID:5808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.10.1882262519\236884066" -childID 9 -isForBrowser -prefsHandle 6664 -prefMapHandle 6660 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d08e4ba-3724-413b-adc1-5e58698c8eef} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 6632 1ff7c814758 tab
    3⤵
    PID:5680
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.11.713804031\2068706953" -childID 10 -isForBrowser -prefsHandle 10876 -prefMapHandle 10872 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a800e667-3ace-463d-8688-fd9cc5d9504e} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 6988 1ff7dbebb58 tab
    3⤵
    PID:5628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.12.693931322\567991679" -childID 11 -isForBrowser -prefsHandle 10520 -prefMapHandle 10524 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44ca5a20-f03c-4ce4-aeda-c52d8d3ffd8f} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 10512 1ff7c75fc58 tab
    3⤵
    PID:5332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.13.1697053690\2086040462" -childID 12 -isForBrowser -prefsHandle 10732 -prefMapHandle 10624 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {afd46f42-3c08-4552-bd77-bfa9e19ed8d2} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 10724 1ff7e5ee958 tab
    3⤵
    PID:6368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.14.1790255295\2110710269" -childID 13 -isForBrowser -prefsHandle 10732 -prefMapHandle 10908 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {86d68ad0-ae20-4beb-867e-124fd37cbe33} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 10624 1ff7ee75258 tab
    3⤵
    PID:6900
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.15.464099152\1720882411" -childID 14 -isForBrowser -prefsHandle 10088 -prefMapHandle 10084 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89e5b266-75f5-48f7-afb0-d517133d4ce7} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 10096 1ff7eef0f58 tab
    3⤵
    PID:6908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.16.43762790\1434222634" -childID 15 -isForBrowser -prefsHandle 9812 -prefMapHandle 9888 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79a519a1-a545-4ec9-8e64-9c069945f13d} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 9992 1ff7eef1258 tab
    3⤵
    PID:6916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.17.3767914\272704225" -childID 16 -isForBrowser -prefsHandle 9672 -prefMapHandle 10216 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4890e264-1b1f-468e-a4ed-3b4c675b8418} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 9660 1ff7da92d58 tab
    3⤵
    PID:4860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.18.803077262\1662742018" -childID 17 -isForBrowser -prefsHandle 10064 -prefMapHandle 10200 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {73b75208-ef3b-42b9-bd55-1643a16f2cf5} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 10056 1ff7f245558 tab
    3⤵
    PID:6152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.19.219827704\497515324" -childID 18 -isForBrowser -prefsHandle 9388 -prefMapHandle 9384 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {595e837c-4fa0-48b8-81e6-db1c5e310754} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 9396 1ff7f244358 tab
    3⤵
    PID:6164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.20.2135552147\129970513" -childID 19 -isForBrowser -prefsHandle 9544 -prefMapHandle 4640 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce8b2be9-f8ee-4bfb-a4ea-86b1001260a6} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 9548 1ff7ec2eb58 tab
    3⤵
    PID:6880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.21.1281408015\1093984879" -childID 20 -isForBrowser -prefsHandle 8956 -prefMapHandle 8964 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dffed8c7-e8b6-4d92-a6fd-d3fc12321085} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 8936 1ff7b993458 tab
    3⤵
    PID:7308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.22.271199848\318958572" -childID 21 -isForBrowser -prefsHandle 5460 -prefMapHandle 5472 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {671a78a2-801a-4b01-88d5-b13b4cdb5d07} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5380 1ff65e71658 tab
    3⤵
    PID:6692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3552.23.540370814\1544347781" -childID 22 -isForBrowser -prefsHandle 10604 -prefMapHandle 5276 -prefsLen 27038 -prefMapSize 233444 -jsInitHandle 1140 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f645277f-10e9-4375-9faa-e746c65ebb60} 3552 "\\.\pipe\gecko-crash-server-pipe.3552" 5424 1ff7da92458 tab
    3⤵
    PID:7572

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\1026

Filesize
9KB

MD5
f91049495601fc370fb40b6e9568d067

SHA1
ebeab42d8767f2ca576bf3c6f598d34a3bfe1a4a

SHA256
2de6d4be4fe39d94d51b96b26f79a0ef5cb460a63db36068be42e2640438b243

SHA512
8c3087d81e4fd1fcc403120f273e7b9943852247c48e265a4f3542430f9d56e9a70cadc04790a6a9bec79ec28538b1c4a7d46afdde3a0c1ac16fb59a752d00c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\1216

Filesize
8KB

MD5
51b201cdcd186f427f8956de4ae169f7

SHA1
627c5ec6c3d2bca8e509a4cc043b0af9c6c784f6

SHA256
d0aee93d0c8bb1eabad7a31b22008421738071f2c6cbc2bad69aa2b4e9ab978f

SHA512
63fb88a55a1b6e0c2dbf0e63c9a68ec8cac35a4bff1f2963a1ed27dd9d9b65593edba157e757cb8d91052d76bf3903d6f3dcedaa67d491631cf3899dd226fd08

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\16652

Filesize
9KB

MD5
6fd82ede2a82e9df4f3d56c2f2cac955

SHA1
6ddd0b92208ca74acb0531cb2088f2b169fd3c0f

SHA256
1fc035e459ac10ae54aa3633b271afc57d37e663c97429bd42190d9c9afa6109

SHA512
c8d2024b2b8a459e9daa3674d4eab66aa81742a45db93544e3403e2d1ac51b61ecc299088edf3486c961b97b64bee12bc6869774996b5bd2429499b38d7aa811

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\17747

Filesize
8KB

MD5
0df1df85ac655f3e8e5ca8c200bda268

SHA1
d4090ee1883032cd4b183d08f72420f41d492f48

SHA256
f64f1cfc12ee3ac5b4fe81650220139d0ea801805469590f50bbc2e57ee9594f

SHA512
c1f0e0a61a41575ffa9b9bfb139f878c537f001f927041aab95978fc4a9be133b177399be8eeac4ff3cd8e87cc01b47e828eaf4c6785c6dc0beec16bfe7cf8a4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\21682

Filesize
8KB

MD5
df4da362e5e15882810348929de32002

SHA1
4bf2cd1c1d02f84ca1c6aaf8ec44cdbbfc44972d

SHA256
3a579999762f0d6b94ce44843cb18dd2f1e10326daef0ec406a14d108d70dfad

SHA512
1541a4abb0e000524047a960b39fbb2d55555d7a1e79581917348e29669aeb983061a22eccb2d1f7cf2f2ac638013147c43532c1b35a3d3484b387a3a1f47217

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\25971

Filesize
8KB

MD5
99e9cbb066f224734ea05bff9b133ef4

SHA1
505703de576632c44c5dac0cd7bba4071610a0c5

SHA256
2c1c7773f389ec84f6d958eb0f41a2335c530d4cdcd531ffb5b897c348e853a0

SHA512
5cbf2dd7fc1be14041ac1b20746528fa99eb8b798103b9dd809a007260d30dabed8f7f758e23d2ecc64ad371ea8e48f9335646ae0535d00f4542ae924d9fddde

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\28542

Filesize
8KB

MD5
8fe3a79e3db4c2aeef9b8aa1905b6b8f

SHA1
b9aab207e75ca81df76ef4d3c063cdbe0be29220

SHA256
9ad707de4ed7288461fac52340ce8eccf162b9a245031dba713b76ebbac10c13

SHA512
3f05047bac13fdb34111aea173c3e5b6d75bd6512dacdb4be0cbb0e4311848fb75acfacf847601d535aacd9a1fd7e1da2e9334deed56683c1f61415679b721d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\doomed\7217

Filesize
8KB

MD5
ee2c7926512e1e89ad2980fb515cdacb

SHA1
f7676e9598bc98f8be9a4c1e0ce4eda30a8854bc

SHA256
91013a1351449ae2cae55a3e3e08bdbb1d520b38ff599eeb62d69df6c6be5fd1

SHA512
41133d78a032f6e533a40ab369a11fd682913851e8a5c7f25f8973582c5875f8f021179ff25fc442a76ca784a9b0fa952255df349c04285ebbf83e19ebd662c1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\39172F2924E6689A994995A9C4E51BECDC2078DD

Filesize
24KB

MD5
c67cb6fec95877193c8da0f143955118

SHA1
03aaa63e861f89390de7989a17d2656958f20657

SHA256
e4ffe3819d57f4d60239f9fd3bd8a8e87fd675489504f2647f9776fe982ae3be

SHA512
1d3762efae49b093efd8afca11ebf863766d260906659fb0f80ad645a054083c43c6eb0202e99fc20ff8f68aace9c41de67f8fc01b36282be8e63df9f8e84fad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\3A37EED3D1E6B3845C02BF0570CEDAEFF93A93F5

Filesize
71KB

MD5
207c7977efdb7fb66de25f2082e50041

SHA1
74d0db2dda2e81ac32f388f46dfaa326f77d9d6a

SHA256
9c84f300a15271f9c39ddf6c62545dd2d564fe38d4fc385621952815aa4afe70

SHA512
7af546ac476975546fabd470beea8a74b8a44704deae3414d6154f577f226f1bed2384237b0df9e057666faa1e1da441412393587b76cc4dbbd1e6fd5463d5df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\532ADB763AFA0EC30767E4ED3ED65610448A0B99

Filesize
204KB

MD5
734bd1a279e17ee8e2c295d44e8ce671

SHA1
9df3ae79cfca274e330cc3e5e175586b86c99d49

SHA256
4497f994a72316aed73a3584703d5cca4777d8382db6e05b3af5bbd4ef160b6e

SHA512
87c17dd5a18d9289bf439027ef0bfac582ee169d798a7a70d52b83e42572ab7527b07a00a84dff131b1131c9e0f72802fdb4abe3acd8621d86d7f49df925c5f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\82DE31516D32EDF2ED29803930FC593FDAD0155F

Filesize
13KB

MD5
742bc7879bdee8418473cf127613d45e

SHA1
d8541701c715cd32ea84b5c8d083f041facdeab8

SHA256
6b2ebc57594b1a431fdc8e18bd0323ed8a041904c9851562a97458611a8e7f61

SHA512
c2b8205bd0d0d0dc49d22138639aba1fd87c12bdd1c396ff7a679a75b9df91d158cb05e263e705144c82a55bd6ae7ff1983bba005e9633de10990e91113e7e8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3e5zl51i.default-release\cache2\entries\E3E972BC80411F014F2BF82F4089A35F1FD8EFFC

Filesize
18KB

MD5
b31bdcd8254b7a13ab044234df7aa644

SHA1
21bcbbf56b0c07dd7033197896b51c7a054b9143

SHA256
e75a8a0a2a1a3659e9ad18b3b7e62713898fdf787cc246b582362029239dd3a1

SHA512
0d82d3ceb596a1df18bc89d5e9a987712663e64f519e20909def906810494fa1b5c9c045be0b6fefbf98ea65eed44403ca9b549611e4a71c16a9bec28c7b44c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
384KB

MD5
6ec8b999527c6794794de6a32a76eee6

SHA1
6f66174132ee40c5bfcdf7791935a1bd7bd11d05

SHA256
701db68366e01f7b1fb31e1647e7c7a65092364279df7da1823cdc32f4c67f05

SHA512
2843208fa623e41f9827acd420223859464ba35c6734cef9197487833e94b629a16cface04a9a2f44ec1fbe8658fa7949d3a71f12c22371944674eee60990951

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202403052042051\opera_package

Filesize
261KB

MD5
3a853e9295e30a2acb60823ba5371100

SHA1
37d52ee59780efac4ed170e368e7369d82e7d5af

SHA256
014f74861186847bc28e596f541a84085588cccdaaaf632c2d06d5e344e997bb

SHA512
23cf7363162e92c92e4aa09a4841558f920865d5f46a28890bab0be4517904efa7470bb1dd2f8dfabcab2f73b392f5a89c96880977b87bb4d4623ab620f77c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403052042044893176.dll

Filesize
5.2MB

MD5
2e9e548040cbc282125031030041b2a9

SHA1
a84b26339be4cdd889ac806227c3260d57296605

SHA256
b44501388ac04d3db78e167cc1dc4daea68aa5c7140a2976b5a8e04f6d2438eb

SHA512
8be8af00aabe5e5ccac38faaf9ed499ea9c84d6a180a3cbce81297b58e1b4cfff5597638587c8f81058f59e19f87ac4bcdacfb34e1fce7ac61128837e39d3e7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403052042047541268.dll

Filesize
3.9MB

MD5
433354f28347ae6b391b7af05590fcc3

SHA1
314fa1d7bbbc4d20cd82486f6b1c096749bdaefe

SHA256
eb9a1c71cf7434ba3c0d13e3c0850a76c53f8b30c33d514b6efe3fda12d95e5c

SHA512
2f90da56c46bb4b97f4cb114396483236212f820ce0cef209ab3f84efda60f18453964b618a73f581bedd0d0b8ed0b40d5e9fb531684e6c7c7cca2a38198304a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403052042052544792.dll

Filesize
256KB

MD5
c9ec22ac37c8537b11f13124adb1a980

SHA1
09f07e0e5aef05584121103b67c49ab406b32ef6

SHA256
39f6bc3dfbfed3f762e662d90baf73aee60dce577295067a25586316f39e43d1

SHA512
5c07f0aa2d50f7c9b6db0b688f5744fe02c7cc9c78e58fc36b4c81c5369530e364dc5c4ac115e0a661c114b006d9e5a76ebe4b52edd3bdaeee004e638238be22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
fd8c1527b880cad7fc5727d2f1348e96

SHA1
0a1bd9fc7aaaebdfc1cc297acf712417015efe2f

SHA256
3d336da3c1ab58f329e22cc406038f5c4ae5455d8714a118087b9b25140268e2

SHA512
51c53c705180d6a2e86517c9ffd77043bfb90204e3ed6599bef79a82c46c85ffb8c78b2689ad49db87982cb3437ff56c8be259d340cd2174107459d9bee83dfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
9fc2cf2e1c7446e6fed80ac4f6db70cd

SHA1
52f91b237553258d07e495281cfdf0e87245733e

SHA256
04f222c2e74e1deb36326e9637a5c3076c5ba87836df8fcef26fd827fbe0ea4d

SHA512
bd6a8f360fa315a092e15ccaea81557c90e5ea623226c7b1786f8434b8e6bf1e5b264834a325c1a9c00a5d1b158643e1b8e8e7cb31c16a57a0089e9fc0efcdb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\8d091b17-d1b0-4466-8f77-3f340baad33e

Filesize
10KB

MD5
77f117f39701a4f30b0e9e80047aa965

SHA1
fefc903bd54559e13971e06cf6ab1e234d36d187

SHA256
8a7c32b1c27bbba914812a11bcf985dadad08296ab5f1bd16af7c0a2782e895c

SHA512
b52843438ac549c97ac87c6dab5b25f642044a0da80903b30a85404b5055c182043d6345b6fd00d924415a574a733fec5a34dd93282397453bc5d6d02db430ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\datareporting\glean\pending_pings\e53c753b-4ea7-436a-ac7c-c144284e6910

Filesize
746B

MD5
45f810433ceb7f2b489d105da6a3a6bf

SHA1
b4a7e35048cf0802dae3272c42378a195f4379ad

SHA256
d023653bcae3de58372cff6f3ac0899c18ce5e1362dc56f84e5acf365e707e51

SHA512
5fb55d4d160ab33fdbc2d5902832aab10081fef3e56a50386c9986e8cb388ef08a8224892c2d354498a000a3384b224c65e34a9816156872e8112e52722aa8bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
4907b02b7de5c3e3fc3b5a231f1e89da

SHA1
4251d572bfbd9b681e655c3d5787392ab0b40b8e

SHA256
a7f6081313e58a88dbdb0c291733c7958964adfb9cd7d83de1afc093f9feaaac

SHA512
75df83cd0920272123f06df15461bee5abc845607303947f884fe48fb7ee08f73bf847bcca22ec2ddad419b95db5d5398d9f49dfcf7e95a62aa03cc0dab3fa81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
5a81e552d601343ce1e3b69660ed5e07

SHA1
90b75762d430f2ec7817a9463fe21ead62338e8c

SHA256
89c9db1c177e55fbe20d83898018b51d9a2f90d76f7e7314c930d5843d7e0f98

SHA512
1e2bcc65db6303c668276e14fbc434577477dabe78a6cd73819b0014858e5009e7bd7f6f84f4f7b02b4894caf4889b1ac947f4caa85f50ae14c35f1de0fa475e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\prefs-1.js

Filesize
6KB

MD5
953eba329c34b18d5606db055bd018ed

SHA1
453168118aa83b2eeadc375125ef4986be9a313a

SHA256
c9495059b0af795e53a6a4846264aa5eb6f9191a687711dad64f064c7a1d8c0b

SHA512
0b6845c47889dc057e8d6b9c42885cc4e886a45735e646fd8e83526bf54f543d21208381917fd880b6dc2ba4f655793b6192aed7e3894360eb0da06ca204faec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1bc90679c9d3df2dcd76d1727fb47735

SHA1
daf146b2b592bfd02d495c114b3d4d1be71f8661

SHA256
80a468e4b85001dffd04ac621746ef0e55427b604d74e4bf7f7d3b82fea00b6c

SHA512
dea19e97bfa8e712c7db70689952a12d95dfaaae6c0311062530ea2f53d39665f650f40911e18314c5d279d91ad5e7aa226a3ac7dfe8ea906139611d39fd36ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
5KB

MD5
e5c05591f5074bdec9539945e0740651

SHA1
a3a7128c7e8df130dd25053d2626c0045e195650

SHA256
f006935919a7279a2a12df20b3c0310c732ae7e917b82af0ef1c14a88948b470

SHA512
58d0261f7df9797f0b0946f6d97a499f4f8c1e34dd0d56412ebff0d6000fe8e1e669152a8598f85fff7a95b8a732181ab1d76033cb66c8b0db5aee4849903934

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
7804cf20fd895b10eb22ebe4e83a5b59

SHA1
c88fb4833a8def1a0a1d49d79eb1e8d5fc40c1c1

SHA256
c74f09a0adb1f6e4d1d99e49f22601f51291f1c433893a029e004ef58879e96e

SHA512
b58d0887bc0a1e74487e219f7f4f852b3de70cdf86af834e29f80f010eac723174841db28d7bfa988d850c4c4bb520f1973d2218006f692ad0b875f9184f292c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
4d64965e2cf4f1a00414ae51371e836b

SHA1
904ae4e86796b9f0774f1ca97021193fdd4659dd

SHA256
b172d62a5d1e1f11fc80f112506c8e66b031ddce8a6401ff2dee70c118fc7fa4

SHA512
9e140a50a5cc0113c474d0da9f97cd2879cfab6d49511f51454f503f808b89ad82946a715da72f5ea26e53292e66f2845b6703a9fe95859af2055936fe187e62

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
10KB

MD5
ebc08e75a58a31fdf80ce9dec01540c5

SHA1
0ff20c56e8cfd2897a36365a7d27c9977bcb9ae3

SHA256
bd8f3187f581ed63d94c61c393f671b921b93a21e0a14bb231e07b90ed58b306

SHA512
fcd6eb2444a108407c36198b9f42ebc181c518a338e098979fd6e7a2181486252534231894a0b26fba484e01c7ed1c829acefb5599c471e62497b846f279e769

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
8d069e6789bd2971a27e3c33a5447362

SHA1
01d34df10b28ab44d36ad69f41becbf5c1b996eb

SHA256
81b5bcc7241af4983369f05856d0234994a91e4059e7c19c315a8526e4ce83a3

SHA512
be8ff59277dfe8645878713b1842c6d2d52b253c3fc0c103aa879c71208101a166bca60f1df2c1a61b23e99b2e3729fa9c8875cdb208a4c707e3260e7e50e9c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
666afaa82935aa37bee103fb40d0e406

SHA1
a1e37499a79c5ebc4eb79080fc18f3d700155315

SHA256
35ac9f6a5159ff36b932f2e8df5310062b209d717670fe675ee32dfcf35b8a40

SHA512
56804a1ff5738d70ad679cfcd241610a8da13865b7ef2f2d8b5a481d1db22ea272bc097144043108b503fe95ca86e251a2fd56db1999b6eeb8fed2773abbf431

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
d8bf1aab56f7f73c39413d0bc7d6c857

SHA1
e5090c61b8268b0d49ef326952b9748cd7c7d741

SHA256
0cd5b10d179ac26d2363abd0a4d4295fb448b66a5f7c542ed68a7dddb425348e

SHA512
49a297bb929804cd6a0ce89014911c69daf0eb2ae3a57255f9c0d2eb6d40d7854d488bff218819a978aa0a87cdd5d02c82161154f6b2ecbef39d98c5319f8f45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
c441550289e614ad361280614def37ee

SHA1
34a70d50c3eff6c57e292522a0823443cb9569a1

SHA256
e750308f44a7cdfa9b7d266053b92692237cf70d8931dbc8063c072a62decf16

SHA512
aca20028ddbc3577865538a0644573789538904b99aa9159785a6779f8cd7715b6b4b9007ec537f8251373af2d80a4760a950821836538ecfebe3e377524e2da

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\storage\default\https+++www.facebook.com\ls\usage

Filesize
12B

MD5
1aa6238c49a38068f9149feb44a2db0b

SHA1
035372ad84af747c9f2d19ccddc50a48f24611a7

SHA256
f0b29179dee8c1b28d0b9ffd1496c99b3f504269078f2eda57c1c45ce7a50fc6

SHA512
a025ad2e905abc3b55be132eff86a7f657fce4ccac3c631589bac4b7736fb117fc61fadc1e9a611b960ec05017c3d0f800ca2adad7b1fe5007be97d9866323b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3e5zl51i.default-release\weave\toFetch\tabs.json.tmp

Filesize
10B

MD5
f20674a0751f58bbd67ada26a34ad922

SHA1
72a8da9e69d207c3b03adcd315cab704d55d5d5f

SHA256
8f05bafd61f29998ca102b333f853628502d4e45d53cff41148d6dd15f011792

SHA512
2bce112a766304daa2725740622d2afb6fe2221b242e4cb0276a8665d631109fbd498a57ca43f9ca67b14e52402abe900f5bac9502eac819a6617d133c1ba6a3

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
de1ab3ddd3f3303047f0b44b13818ad2

SHA1
6dfe5d8778964c8fa8e2b4bb22bd9cbe51003a90

SHA256
5014e55334bf9be5c5210b395565f535b98b0526409a39424d79283e9a88f1a0

SHA512
2636c8a089ec713b9fb8c74a92fe2e94db2f1945ebc989db5960bce85e652f3278cb0310aa1261a356af8a94e1f8a31e74c53bac7595b7c3b4c9e0ffe7e8f94d

Download Submit
memory/1268-7-0x0000000000050000-0x0000000000611000-memory.dmp

Filesize
5.8MB

Download
memory/1268-134-0x0000000000050000-0x0000000000611000-memory.dmp

Filesize
5.8MB

Download
memory/3176-0-0x0000000000050000-0x0000000000611000-memory.dmp

Filesize
5.8MB

Download
memory/3176-133-0x0000000000050000-0x0000000000611000-memory.dmp

Filesize
5.8MB

Download
memory/4792-18-0x0000000000CB0000-0x0000000001271000-memory.dmp

Filesize
5.8MB

Download
memory/4792-17-0x0000000000CB0000-0x0000000001271000-memory.dmp

Filesize
5.8MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads