hxxps://onlinerobux[.]com/

Analysis

max time kernel
435s
max time network
437s
platform
windows10-2004_x64
resource
win10v2004-20240426-de
resource tags

arch:x64arch:x86image:win10v2004-20240426-delocale:de-deos:windows10-2004-x64systemwindows
submitted
05-05-2024 10:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://onlinerobux.com/

Score

8^/10

spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
4952	OperaGXSetup.exe
3424	OperaGXSetup.exe
1480	OperaGXSetup.exe
1172	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3612	assistant_installer.exe
4400	assistant_installer.exe
4552	OperaGXSetup.exe
704	OperaGXSetup.exe

Loads dropped DLL 5 IoCs

pid	Process
4952	OperaGXSetup.exe
3424	OperaGXSetup.exe
1480	OperaGXSetup.exe
4552	OperaGXSetup.exe
704	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe
File opened (read-only)	\??\D:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 6 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4018855536-2201274732-320770143-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 9 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	OperaGXSetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	OperaGXSetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	OperaGXSetup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA	OperaGXSetup.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	4952	OperaGXSetup.exe
Token: SeDebugPrivilege	4952	OperaGXSetup.exe
Token: SeDebugPrivilege	2856	firefox.exe
Token: SeDebugPrivilege	2856	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
2856	firefox.exe
2856	firefox.exe
2856	firefox.exe
2856	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2856	firefox.exe
2856	firefox.exe
2856	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
2856	firefox.exe
2856	firefox.exe
2856	firefox.exe
2856	firefox.exe
4952	OperaGXSetup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 64 wrote to memory of 2856	64	firefox.exe	82
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 1668	2856	firefox.exe	83
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84
PID 2856 wrote to memory of 3032	2856	firefox.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://onlinerobux.com/"
1⤵
- Suspicious use of WriteProcessMemory
PID:64
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://onlinerobux.com/
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.0.164583106\1755405254" -parentBuildID 20230214051806 -prefsHandle 1740 -prefMapHandle 1732 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9d9f843-3720-4aa0-bba1-82f6ef79a4cf} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 1820 1fa2170d958 gpu
    3⤵
    PID:1668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.1.1514522731\1152261984" -parentBuildID 20230214051806 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 22927 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a3223c9e-40a1-472d-a68b-facb86d9e0af} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 2412 1fa0d387858 socket
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.2.1744773761\316556881" -childID 1 -isForBrowser -prefsHandle 2912 -prefMapHandle 2932 -prefsLen 22965 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4660cc51-dda2-4166-b01c-508d584ee6d7} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3056 1fa2460ff58 tab
    3⤵
    PID:4792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.3.17369304\1304973292" -childID 2 -isForBrowser -prefsHandle 3620 -prefMapHandle 2824 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f871ddf0-7eee-431c-a7e8-9d0ce2b06429} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3632 1fa26418b58 tab
    3⤵
    PID:4472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.4.1638607663\369821625" -childID 3 -isForBrowser -prefsHandle 5152 -prefMapHandle 5180 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27c41d74-8726-410a-bb20-fa20240112c2} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5192 1fa26e5c158 tab
    3⤵
    PID:1864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.5.1493733280\1138700033" -childID 4 -isForBrowser -prefsHandle 5312 -prefMapHandle 5316 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4906d030-d80c-435c-a2e7-117b3467298c} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5304 1fa27498e58 tab
    3⤵
    PID:2028
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.6.1970285822\1630423521" -childID 5 -isForBrowser -prefsHandle 5484 -prefMapHandle 5488 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7862f969-08f4-4024-b2ca-e2e799db6cbb} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5304 1fa27670858 tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.7.586333684\311410821" -childID 6 -isForBrowser -prefsHandle 6064 -prefMapHandle 5948 -prefsLen 31300 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e36d60bf-2aa8-4c45-ac8e-cea6952a9162} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4860 1fa0d382358 tab
    3⤵
    PID:2412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.8.232227892\1615620735" -childID 7 -isForBrowser -prefsHandle 2868 -prefMapHandle 4592 -prefsLen 31309 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5424a650-78bf-41c7-98a3-de237555180f} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 3616 1fa27278958 tab
    3⤵
    PID:3792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.9.1792504855\300232019" -childID 8 -isForBrowser -prefsHandle 6076 -prefMapHandle 5924 -prefsLen 31309 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05f02fb0-5441-4bdc-8059-c14f21a2ca64} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4932 1fa0d33fd58 tab
    3⤵
    PID:3332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.10.683501805\984213045" -childID 9 -isForBrowser -prefsHandle 5360 -prefMapHandle 2816 -prefsLen 31309 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b05ee019-610b-4ee6-8731-6fb29066d784} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5352 1fa2aaafb58 tab
    3⤵
    PID:4360
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - Modifies system certificate store
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4952
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2bc,0x2c0,0x2c4,0x2b8,0x2c8,0x74d04208,0x74d04214,0x74d04220
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:3424
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:1480
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      PID:1172
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      PID:3612
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x268,0x294,0x484f48,0x484f58,0x484f64
        5⤵
        Executes dropped EXE
        
        PID:4400
  - - C:\Users\Admin\Downloads\OperaGXSetup.exe
      "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=de --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4952 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240505102556" --session-guid=5de6cf00-0ca0-4f8c-b072-b23024d990f4 --server-tracking-blob="MzcxZmNjOThhODEwZTBjYTdjNmMxODNhMGY2N2QzN2JiMWI3ZmNhZTg3ZTJhZjVjOTczMTNjNDk1Y2UxMzk4YTp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9TVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD05NTA0ZDI4OGE5N2Y0NDJkYmUxZjZjNWY0NjQwNzA4ZiZodHRwX3JlZmVycmVyPWh0dHBzJTNBJTJGJTJGd3d3Lm9wZXJhLmNvbSUyRmd4JTNGdXRtX3NvdXJjZSUzRFBXTmdhbWVzJTI2dXRtX21lZGl1bSUzRHBhJTI2dXRtX2NhbXBhaWduJTNEUFdOX0dCX1NWUl8zNzM2JTI2dXRtX2NvbnRlbnQlM0QzNzM2XyUyNnV0bV9pZCUzRDk1MDRkMjg4YTk3ZjQ0MmRiZTFmNmM1ZjQ2NDA3MDhmJTI2ZWRpdGlvbiUzRHN0ZC0yJnV0bV9zaXRlPW9wZXJhX2NvbSZ1dG1fbGFzdHBhZ2U9b3BlcmEuY29tJTJGJnV0bV9pZD05NTA0ZDI4OGE5N2Y0NDJkYmUxZjZjNWY0NjQwNzA4ZiZkbF90b2tlbj04MDMzNjI0NSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTcxNDkwNDczNC4zMjU5IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTA5LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTEwLjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfU1ZSXzM3MzYiLCJjb250ZW50IjoiMzczNl8iLCJpZCI6Ijk1MDRkMjg4YTk3ZjQ0MmRiZTFmNmM1ZjQ2NDA3MDhmIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImExMmQ3NzEzLTYyYWYtNGNlMC04MWY1LTJmZDI5OTc4MTU2OCJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=6007000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      PID:4552
    - - C:\Users\Admin\Downloads\OperaGXSetup.exe
        
        C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=109.0.5097.70 --initial-client-data=0x2c8,0x2cc,0x2d0,0x298,0x2d4,0x721a4208,0x721a4214,0x721a4220
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.11.1740989918\1174935557" -childID 10 -isForBrowser -prefsHandle 6036 -prefMapHandle 9716 -prefsLen 31349 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {152f201f-1cab-481a-9b6b-056cc52eb5e5} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 6352 1fa2aaf6658 tab
    3⤵
    PID:4392
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.12.1124809995\1471149288" -childID 11 -isForBrowser -prefsHandle 9560 -prefMapHandle 9492 -prefsLen 31349 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5c3e745a-cdf3-4788-b1d6-c7c9758d46c1} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 9592 1fa0d375458 tab
    3⤵
    PID:4116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.13.257185428\796729889" -childID 12 -isForBrowser -prefsHandle 1512 -prefMapHandle 6064 -prefsLen 31368 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cf0de59d-a0ef-478c-8879-3d51635f9ab7} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 5352 1fa2766ba58 tab
    3⤵
    PID:3128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2856.14.333162924\45128032" -childID 13 -isForBrowser -prefsHandle 5116 -prefMapHandle 4832 -prefsLen 31368 -prefMapSize 235121 -jsInitHandle 1284 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {887c81fa-e90d-4047-8e4f-9a91b56ccbe7} 2856 "\\.\pipe\gecko-crash-server-pipe.2856" 4948 1fa2766d258 tab
    3⤵
    PID:1164

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
a33df4128b655f487c13f9115d4ceab8

SHA1
b51a3c33f19bbb9c6176bd7ab72e7b3734d9f905

SHA256
1460d2c35eeff874bd3c2922cafeaf145d8d1a5dae92cf803cf66cd884637a4a

SHA512
2b3bf8358e41176cf66d9bb7dde66855fb5e244283b34e4d817832b6e6c1bcbd0972b3757234a449f35e8cad2c23b4a323072c6c31dc299ff092969665383452

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\doomed\12679

Filesize
8KB

MD5
af90ba48abe0c544c2aab566add91b9b

SHA1
904f46c8ae053159a556933d4e174373726ccac4

SHA256
5604acd4892503e711564a584ae1196b2b1605ed0062bf1953646ae8985c10f6

SHA512
2a6d6c5696d7545e34ec4b122d1357656a3fd83f27730fd7ff23b1ce1f2ad9eac0d03719bb0b78806c55b5686201e72f76f0fee3e7a2c7b4a328f66fb458ed66

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\17CCA23DD42280B71B1A1160C9D12526CBAF1AD8

Filesize
16KB

MD5
7b02608dfbb5ecf8291b8f34bfa33c57

SHA1
8660b5c0abef93c2a5eaa4794648be2bb4a7c9d1

SHA256
4013020311aa05b2f7725d94ad325fc0ec9b2b9904b86fa5e0c119623eae60c1

SHA512
7d8748b8c6ad95cf56745ddf56b895f957fba38341ce784211060afe7e1a1dec6598c66440f9ae96cf7b368095872aa4f54107f42d18c845028657b554c11bed

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\270CEA3E43B68CB3908421C8A2FB411F6467E3BC

Filesize
422KB

MD5
d266cd087772f450a7fd23533d02c812

SHA1
a95ef32f2aa24fc06c3724a45ba780b8f5ca4383

SHA256
5c39c87e653f809a463395a02119323a0435c32de1715944e793aaad52a2e6c0

SHA512
55adfebde4e716064f61311c9bff238af6f7182fc0a117b783db6db78b8336f5fe6b1e10e8eef50e39633dd99ace1e512fb1aecad8c4698d3a6590ed8559d5d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\607CFF02B5B847905EB1C08950734AA7522A453F

Filesize
127KB

MD5
ef0e254b78f92b6a5712c7258d3d9fca

SHA1
d2cdd6139885ce88b08df278e2356be4db6994d9

SHA256
cb14b82ec1f170a61cfa5e2ecc537aedace6395813f780ac8bcfb398cc7d21e2

SHA512
696c565bba01c45425a74c1e333345dfdd3ffe724c75cadf3588ff053c25ab8fe6e3de85950cece0c66e0e8d3249ba0358d6600e066929cc12bfac119af58e37

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\CC9AFF3BE02AD27708D587AE49B3DC68644172BA

Filesize
13KB

MD5
5baf4720e4587b34db2b2a7fb1b7c2e3

SHA1
bce3ab549ec3104faf44e963bd34f4877d099633

SHA256
5170c7a92d807dd50105a27ee4d15935c0439e482efa7691f841406d49ace326

SHA512
c2a362bf13c7c7b67a2538908d3e63cbe825f8929768f5e23a17edd410cf8ae34e31efc93191f649df4d361e187a72980cbc9640c986f3d47cea2198e0d72599

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\nzxw1g49.default-release\cache2\entries\E03AA153294F88725BEBD5DD1A81E6A5DC2F5F45

Filesize
147KB

MD5
48b9380f712a58853a77a1d0a6b6bdc3

SHA1
344ea2257659ddf2b248827a3f9e37049e742759

SHA256
55e1d5d0bc0b548b49ca553131a18a17fc7020fe965cd6ce08b2953d21e2911b

SHA512
cb04a200589b42bfadcb2ccf9d1bf8cf044d00db82e16e99c0c5d0c9adb67d9e0e6fb398360f599daf743a0f9f269e0f0bc6ce91520e48ad2644f85307372ad7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202405051025561\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2405051025557434952.dll

Filesize
5.2MB

MD5
c44227f38d59c590106f011b17eb90d3

SHA1
b99b310fc2249a7879290ca5d2ad915ef588e76f

SHA256
c0a24436f26dc0d4a4be90cc7c75343039f02ff058ca00da06399da839968b94

SHA512
0edc91a06511cedabee7587401f69fccb3ade9747e1855c850806c2f0fef4402ed412dc1c68d03a70b317ee6314fa446d8541e831dbe24cabfafda17aa1b61be

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
25782a78c887c089f900602c1cf08be3

SHA1
d4242958940ff7afbd64df159b5397493fddcc9f

SHA256
f9e36bb21714a5f47e680d79c0d4ec7d965af433bf2ea64ca9196e0ff959151c

SHA512
d6e4448031ecdff6335951f8753d970b605f5b0323920ac98c28ca2860041f84bd6126d4b6ed7d35bd5a5a1b1aac9bc73bb407c84dc89f0d3035d3607431fa6d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
21KB

MD5
4dfb6c88a68420b0fcb71bd7c8adab88

SHA1
86778851ceb94af66d176400811546b8bbe427e9

SHA256
de9cb9ab9c7ff60226519510cb0bcd2f1727f3279bc8f4fce3e82c014000a8dd

SHA512
fcd3e1b23d1b57b2573d2b93ee3f15a744c4e003d75f3bc0c38ce755064f8ac3f0b545cf4d27069e7c9dd3c84b6ebc4f9abd9dfaa70b515ac3c5eb3533a98044

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
d17f71b02002a1183fdde9db59d0eb57

SHA1
2769f497dbd56580c2070d40b78e5993406c4098

SHA256
667d067f0e90cf354a3c4edfdb07303d4aa82116f45e222491a71bf4ecefbc26

SHA512
f72195a58db33b307a8a7b3847f3ba912468b6f450aafd76f7529632de91b64ff5113b9d7fefa295b52b186e79e81957139cf7f87f57bf8858d25eb1e53f9588

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
7KB

MD5
9ecfcfe428ad266e82691cae19451171

SHA1
247493c3eb2a188803490bbcc0c94cb06f833289

SHA256
01bda620dbf9a12d3fe11916bfbd94d41092c03d577f6983ebb040019f6a389a

SHA512
6eebb462e428b34583a05ce8261f4f2649cd4c3e9dd53581f42ba27b04b08c5bec8687f108617c63d0376c49f7ed39f53b1919663f7c3e7b07427c3f11857217

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
8KB

MD5
a5465cd1c1c8ff63bfbf15c3781d4b49

SHA1
1ff33fa820245f1f1c6038f602e55caeed42c598

SHA256
8ca1ad3331eb75c345f0bc59b05fbd10e0b1b77f507e9f23714861a999a12653

SHA512
02cbf1048928a0570785c91a176d38bf58cdb4fab1ea793e92ef8ef82fec1cf80f6ed02aeb9cd15a3237c375089e815f1898213e72e0e7705df6998db3dcb3dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
7KB

MD5
f9b3ab4734e0f85e4c991dc9d656206f

SHA1
23587e7d9741e26930681807dee798d9b5f58a7e

SHA256
bff0d24a6bc43adedb28a17535d2cdf77ef9636bea2927f436e889ffd97e579d

SHA512
f16e427bfbd386f8f165a0f7fcf06fae9c9dbecebf88c0c04c7177b982f6205d72ef7a61e82144c6d3d3e6a1d773cf17868a2c103bac5b8af22aca13cdd1ac9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
10KB

MD5
ba0ed48605a61082c75dd7043291618d

SHA1
fc9fddb75104f6fb53a9bd21dc83a24f10a6eb7c

SHA256
565ff9d8d973fc46988c7fe896ac27612f282c26d1a9e577bfac94d9b40d870b

SHA512
7a8aa1abb818a7c72468cae504488f6b7867bbf95ad1053720a1dd3d02e9e714c60a80dcfaeb028effdc9867bdbd84b4d2c5bbae76f145aaf3de199f9041ac69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs-1.js

Filesize
10KB

MD5
065079aaf1e14f5bbd0150852fba5bff

SHA1
98327db5717dcb83c1853ce05cd514f1505abe0b

SHA256
b574f8e4a09edc1e2922335b761d8e22375128d2867c4a50a1a0f20af86844f2

SHA512
a6e72785163985f1247af0e69d21b8c517a1a3225d26b5460bf6b28c6bb3725ef1875154b6a923486037c97d65b8116ad2601bc60700c6fe561c85053fc96943

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\prefs.js

Filesize
6KB

MD5
55b1a23c3b8a585243f5d256fc41fe29

SHA1
a95d931811f4da36aeeb2d2e8b2600961d3ed16b

SHA256
992dbc201ac95059844552bc3f6c104216d03c32d5f53f4c4af479aace7d2917

SHA512
74961cf6e44a72eb6a6f9b6a16c2ffc930ad25bf47a321fba1b0e233bf2e0fcc818681c893e4152c7f0d523a4e8a90d7a83dce2d347c7ca2b29fd8495e9df225

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
78KB

MD5
b856fb4b90088a107df4326bc39a54ba

SHA1
9c73554716acdf163a5fa03c8074e92a77697279

SHA256
485a3019f5f91da9d959274da8f243a742bdafdc9fad96e4f3346c1a74702949

SHA512
9464943573f58461115adfff09e0880cb22d5ebcda3a62ef8f80d91c8fc5ac77fddf107f8e328aafff527320fe1c9b200afdc4d5d7206951200092ed689eb08e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
78KB

MD5
a042fc51d7fa072a26092657704a3179

SHA1
f1bd854d8b7474dcfdd6e215c4978d92ad695db1

SHA256
9571c6cb0086af411c02951e6fc9e08f9f897516261c46768fc962606abe807c

SHA512
31be2843898712af8486ad514828067b1d7e13c6e9641ee65820e14ab49e275d2810aa840a3afb3ed0b8dbac4f6dc95bd5d265f7e3498b9b8a4897055b512093

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
81KB

MD5
36d214352b9ed3c411f852a4c090ad9d

SHA1
efc5b1c2af5a8d718fb16c6f1ff015f3a03cf411

SHA256
3196894d0d5e3f4bc472c2485307938a1dee1950928cf41b366cc62791df63c6

SHA512
bfb5a160e8ac74fab1d290500593ef60ac778cdb35ae3ffb41cbdd9b6741c298f5f0d7a0c64c1aa4712b556b72e8c62f0f4afa4121433450fde2e4517324a593

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
81KB

MD5
98ab2dba99812025d3ac671eac893dc0

SHA1
40953d0e0ee942461a88696431ad70d1f2c8852b

SHA256
a0fd037cd45f16d01200d200cb91acb41d6f92e41fed4bf4dc56b62fb6ba98f1

SHA512
67de206be31a31e1703bb533ef43878174b6d1fcbd6bff6f33f4e72c0c4700cbbced9b1d5806197bf11f893bba84fd066694f5360ecd2a096171ca15719dd101

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
78KB

MD5
b2c2b4e48692c8a8ffa50aecf1acc5e4

SHA1
aba22b561efa3888258fe551035edd7d4c36973a

SHA256
bb41418acee8e983f8e57e84573167c417eaa54f9ea79f120b9f7a2ac7a5d0b4

SHA512
6c1b66f293a54ddb92b1da3fa421771c5ff2c8b9dc6a19d57030eab88a56004839c3d57bd7c6a9a61c006096bbadffe15abfb9414037ae8f21e5463921242158

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
86KB

MD5
447d5a499560cf18f53717878b837d87

SHA1
2d0f1b428cf3e3b8a754a08680869394e26dad22

SHA256
944fe6870e52d9f5ea847ba1965ecaa3ca5c3a7cd5cd26e48ce181df1501fae7

SHA512
9265eeb095feefa316c91fa3bfcffc2773842ed6113ad4c1969a5a605a7d44307a5aba9bb80669b4ade44231ebcca72d81d1d3569f8aa16ed81d8060c03dc789

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
79KB

MD5
20a4ef1ddc9cc50f488eca40a3f8bbde

SHA1
ea3059ed6405e732be3a4932b3d878c680642bee

SHA256
159234a4c2d4a94dfd878461db62ef6b46ac571320b66b4fb3d5b57df4c10fdb

SHA512
3ddba5fcd1d4dbfdbc969422263bf560a47ee99987f313cd784e7cd724717b0bbdee581a00fdbeb5bde2104c5a004e333291ebf742cb4927ed78d65566d85b87

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
86KB

MD5
f544ad86b0e0ea6c31dce89c1c3a8cc9

SHA1
8c64d096b14165b8d9f45f9476e7e696bca2d5af

SHA256
2eee13ad13977f7d7284e75c6fcbf09553854dbfa2e31bd4812f54724ff0fcc3

SHA512
4bb818390d349b58aa2d32ae80ab3e3a58aaf210132422c4fc7fdddbcd4c84a977b2ae7700b8cb8be52c6193110301eda77d3cb7593d97a93312faaf477139c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
85KB

MD5
e2509401df0e00849d9fa6915b98b190

SHA1
f34f68cc41eba3e2db4085159893722330b45cec

SHA256
fc0a43dfa977831bc59aec3b1f428ce658a0b79305505b700d7030a02a492124

SHA512
441c9e05fc2f9caeacdaac2ce9e19fbe55aa7680f11af51f99c9d2b92779e4cfdcb1246d0a0712334d174710206727a1a6d64e748d5751cab1e617bc485061cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
87KB

MD5
24339c8ab138daea05e5689c60a1f559

SHA1
a407f28ef867b6b5f236c245c2b53d94cb30862e

SHA256
19e3d4aad9c1b54b7ae62cfb4f60fc402d320cff9c1d89041a1a86ee40af04b6

SHA512
0781bf3fa91d4ab82be9ff79f0a68b3ad14468479b541a9133afd2227d11517a1d4873cc91681c4f7df25912134903493b0659cb511e2d7fb9509300f0902abc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
86KB

MD5
22cee20582a0334dca1da77aa2da75ea

SHA1
a9a057c16dcfb80ad33a8f778f4d75935a29e89d

SHA256
1ecc480e29e295d999f910b895a2815a12883efed643d1bc42c3b9a417c386cc

SHA512
f25e2b09ac88e991ad896222ed215e589ede77fe5bf6a46d8dcf051ce3023f0bb4ca798e0f17fee5a9b62f76ab745cf4ffa56b3ac401dbad51f719348a5ed271

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nzxw1g49.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
86KB

MD5
3dcc89604f0e0ec56a38ce53136e7b5c

SHA1
27617bd3196880789cd4abd8f91e7c216f96d40a

SHA256
bd3ea0bd5ae6c6061ea6dada53494eb66f027f46b7c2968d603286fd7ead3326

SHA512
f654d51ba7a354565335781727a4507e411a608632016347be4b1c724112e6354a33d73ee5233fdef1164b83f869fdefa6b507962c975a7aa0cebefe82a1317c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
c410098c4f48566cc1ed10a7c40b2252

SHA1
0a271a662d9b80cb183b2f292074231443f348da

SHA256
daccaa00e0c4bffd71d113084ca1f10d455fc14655f48aa7969d90a58dd1afcb

SHA512
1923ff22020517a118c4f5ab95abe50c477e2ce55f9d02a55740fd8246bcd9413ece9189be7bc8cbfe7127b721b8fe5e5470220eed1547fc4d4280e79cec21b0

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
5.7MB

MD5
0e4990514f50139af2179c102932b05d

SHA1
8a83a82afbc300ad383fd497b43a8f368e035916

SHA256
14e2fdd147705c99ed18d186cd724935c0a1150396f56d4219b7f0e77c859746

SHA512
9b4a163eb3d8e552cdcd8258b2e92381086eae6b02c568249354ecbe39a1ef89310d1d49590ebafab7905e2ff3222aef18066e3e7a4a50e81bc46b8ded1c7437

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads