758c37c6c07ec168b8132ce8be48f7bf49aa52c54963bb665f250f4da466f7f1

Analysis

max time kernel
1041s
max time network
959s
platform
windows10-1703_x64
resource
win10-20240214-en
resource tags

arch:x64arch:x86image:win10-20240214-enlocale:en-usos:windows10-1703-x64system
submitted
19-02-2024 17:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaGXSetup.exe
Size

3.4MB
MD5

eb2c764e107c038d20c7bb01a8e53799
SHA1

af1ac8a04df3e39bd8ed12ece2c3cccdc4fdabae
SHA256

758c37c6c07ec168b8132ce8be48f7bf49aa52c54963bb665f250f4da466f7f1
SHA512

40891c0755a2c2debcc500e6b9650ecfb319be43ab86b65035c486c288e4de6e8477f7add634096d4c394fc899353d88b8cfc2c52610eb718ae0c0d83d0160bd
SSDEEP

98304:oTR2C7AtHVu8sO2IaUYAHkvbJaJNQqPAbsU8968Vuhw:0R2C7O1u8jpVHkvWobIb8w

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
3696	OperaGXSetup.exe

Loads dropped DLL 3 IoCs

pid	Process
4420	OperaGXSetup.exe
716	OperaGXSetup.exe
3696	OperaGXSetup.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/4420-0-0x00000000003D0000-0x0000000000989000-memory.dmp	upx
behavioral1/memory/716-4-0x00000000003D0000-0x0000000000989000-memory.dmp	upx
behavioral1/files/0x000600000001ac39-14.dat	upx
behavioral1/memory/3696-16-0x0000000000E50000-0x0000000001409000-memory.dmp	upx
behavioral1/memory/3696-19-0x0000000000E50000-0x0000000001409000-memory.dmp	upx
behavioral1/memory/4420-37-0x00000000003D0000-0x0000000000989000-memory.dmp	upx
behavioral1/memory/716-38-0x00000000003D0000-0x0000000000989000-memory.dmp	upx
behavioral1/memory/4420-45-0x00000000003D0000-0x0000000000989000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaGXSetup.exe
File opened (read-only)	\??\F:	OperaGXSetup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133528366493294625"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2826985972-2069816429-388129859-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
224	chrome.exe
224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 3 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeShutdownPrivilege	224	chrome.exe
Token: SeCreatePagefilePrivilege	224	chrome.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe
Token: SeDebugPrivilege	2424	firefox.exe

Suspicious use of FindShellTrayWindow 33 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe

Suspicious use of SendNotifyMessage 29 IoCs

pid	Process
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
224	chrome.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe
2424	firefox.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4420	OperaGXSetup.exe
4420	OperaGXSetup.exe
2424	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4420 wrote to memory of 716	4420	OperaGXSetup.exe	71
PID 4420 wrote to memory of 716	4420	OperaGXSetup.exe	71
PID 4420 wrote to memory of 716	4420	OperaGXSetup.exe	71
PID 4420 wrote to memory of 3696	4420	OperaGXSetup.exe	74
PID 4420 wrote to memory of 3696	4420	OperaGXSetup.exe	74
PID 4420 wrote to memory of 3696	4420	OperaGXSetup.exe	74
PID 224 wrote to memory of 1856	224	chrome.exe	77
PID 224 wrote to memory of 1856	224	chrome.exe	77
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1692	224	chrome.exe	80
PID 224 wrote to memory of 1924	224	chrome.exe	79
PID 224 wrote to memory of 1924	224	chrome.exe	79
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81
PID 224 wrote to memory of 5016	224	chrome.exe	81

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4420
- C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
  C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=102.0.4880.82 --initial-client-data=0x2c0,0x2c4,0x2c8,0x29c,0x2cc,0x73e755e0,0x73e755f0,0x73e755fc
  2⤵
  - Loads dropped DLL
  PID:716
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa23639758,0x7ffa23639768,0x7ffa23639778
  2⤵
  PID:1856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1808 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:8
  2⤵
  PID:1924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:2
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2100 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:8
  2⤵
  PID:5016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3096 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:1
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3068 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3872 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:1
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5008 --field-trial-handle=1816,i,374786365404515323,5851123898965144404,131072 /prefetch:8
  2⤵
  PID:4728

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1720

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:2384
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.0.566962939\1984523855" -parentBuildID 20221007134813 -prefsHandle 1680 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b44f2f1-b69c-4d85-9674-23757dcd0657} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 1760 242f7cdac58 gpu
    3⤵
    PID:3532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.1.282995598\378945248" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ccd095f8-424d-4a41-bdc6-cc50877d71d3} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 2116 242e5a71f58 socket
    3⤵
    PID:1548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.2.86842390\1965183421" -childID 1 -isForBrowser -prefsHandle 2884 -prefMapHandle 2880 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cac9eceb-b49f-4733-8cd9-d75965c12221} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 2896 242fbdd3258 tab
    3⤵
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.3.1946536339\216773711" -childID 2 -isForBrowser -prefsHandle 3420 -prefMapHandle 3416 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a000592e-40a3-4d34-8bb2-e0d10d20aa1e} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 3432 242fa4cd058 tab
    3⤵
    PID:4328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.4.1999764282\57333633" -childID 3 -isForBrowser -prefsHandle 3836 -prefMapHandle 3832 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5037b63d-d7e9-42e9-a48d-515da0955441} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 4428 242fdb3f858 tab
    3⤵
    PID:1692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.5.1482680976\652640367" -childID 4 -isForBrowser -prefsHandle 1560 -prefMapHandle 4896 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {191b7adc-42ed-4b3c-a81f-70c970d321d6} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 4916 242fc3f0858 tab
    3⤵
    PID:4672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.7.678725327\74380189" -childID 6 -isForBrowser -prefsHandle 5208 -prefMapHandle 5212 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {33637722-8bb7-40a0-817a-31a171aef7ee} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 5200 242fe84e758 tab
    3⤵
    PID:2308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.6.412905034\1590088078" -childID 5 -isForBrowser -prefsHandle 5048 -prefMapHandle 5052 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {527154fd-294a-40c1-94ee-a45ec07963e0} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 5036 242fe20fd58 tab
    3⤵
    PID:2472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2424.8.1504115916\1863034677" -childID 7 -isForBrowser -prefsHandle 5520 -prefMapHandle 5512 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1316 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {14639e81-f286-4c0e-9abc-1b6c79f6192c} 2424 "\\.\pipe\gecko-crash-server-pipe.2424" 5572 242fdc03258 tab
    3⤵
    PID:4952

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
987B

MD5
836db4300e0362f8b8bdf055f1cdfbd1

SHA1
209cb432d132790b029e5fe127f40f9fd10394f2

SHA256
8850686e003a683a21e2a82a7533c8145d6df0dac9e88ec9bd4f4ec4ab8c9a25

SHA512
12be3d3fd59af7520ce76c55b7a694dc7fe0651c38c03a01ffdd6e7cf6f037113eda0587b6f5f98b678e7bdb0e78221d09c2fffea1e5e1d0246ddac24cfa2ecf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
f9f5089362c479ed546fb90b69fb11e7

SHA1
c2e4b09a6cb77494ab28150abd0d2f999f6ec68e

SHA256
1560bc622043d6fd75442f1601274326bf5efbc5a9b3644e74d2fe86a6346658

SHA512
02ba6946652a083005ae6a7f4d23ad0836994cd0c4bbaa15e76f7986c9af1a813002840ff080ccfec4b4e8be78d1ff9b890a4b651393793265e68f31e939e4dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
daffcea7a5b352a41135c0f37c2c2d05

SHA1
f539330599a8023cca55bdc50b54957fcd8bb1c2

SHA256
7bb1ae94ef18e517a9e013ead6b8a79f2d9318767a616dca580d6f20195cd2cf

SHA512
7cc9768629af3cdd1154568f02a1912373059b01fce968f68ab0f8aa581e1fc17ddb9cd4a57e8091feac37f3ea4ca1689963703ecb390cdacddbbc9e349886ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
255KB

MD5
3bcc4367c382e2a0f0dae82e936c88c1

SHA1
d284c95f4ed2e0b3866f91dab3a3a65625fb6023

SHA256
fd647d0a50f2abe8bc1f67149d81150b9a695e3daac54b06416b4d3632915563

SHA512
f200a60c804526fadf5b3fb17414fe67ded1e8dbb7c0b4086d90cf5a112ad88bddcfb81f2db346ed136a6d416097398c8f716d08b94f4b61ef55df849fd604f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\cache2\entries\0CAEF7F888B762E2BA192BCD450FFE1DFD4D8CA9

Filesize
57KB

MD5
b09bc1e5afb9592863341e8a7ecceabf

SHA1
c4723fd4c2aa4542dba66aa476aa83fb751681d4

SHA256
12b86d8e77c4edd3a42cb97836c89fe4bc15c3525bd08b4ff813173d33113f79

SHA512
55709db70798bece9779a50741f5f8bd09393def5df7c9bbc9cd5b339db82fa31967380df32b0b815d257e254a2849506bb292478c7739897161c53b864ef4a0

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe

Filesize
213KB

MD5
90d0e5cc3436fed59617e8ff4f9d8fea

SHA1
49d22210421feed05054358fbd6d3dd18f252fb2

SHA256
11a8a77d7b4f72ca3424a3c8497da0d948e657166c3daff49838f6dac7bd08dc

SHA512
f6cd723d09566eace7f97490af65dd2e457f9460656759cf15ce93048986cbb0fcd508fb73b2bc51d5b6711772479e0123c159813abd976f5acae3fb186d9d45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402191716579243696.dll

Filesize
88KB

MD5
94f5db6792af6221cfce00a79cb0070b

SHA1
3c2f293b3b6a2e9ad8240cc3b5dbbeb6b992704d

SHA256
94e3a4b432d1631f78a726e8547d5362fed16dad22b819c968f6faa4d96e97c8

SHA512
bf304205f482de2b08a087523fcb9552157ae4a8008ed486352358dbabb6253806a16dfc213088f3f2057b252c141f5c4db91fbc9e615c62b541138e9b759c88

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
361KB

MD5
02c627ccdb93a27b738276b7aef3683f

SHA1
691365cb47635dbfab729761672a2021fcbb79b5

SHA256
401f1bde9d4e2227d7f3fb58777882f187b4896fc2606e9aae8164f7a7eaf6a2

SHA512
dacd34580ed5dfa0482bfd3abde6f083a962946106674b928f358a121892c022783e0123b32141a174f7118a32a010cbd9147078656f959bc6ce8d8dc6ac5e4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
801KB

MD5
7f0ffc16a8f1a5eb42e33768d16cc5f6

SHA1
d3d9fff8d36f21b48dd68d6e4e334ac52bee4505

SHA256
9b60b292f1434c0c86c7c30ac3296c9726ad83cc1e9acd664711636a3047051f

SHA512
0b729bdfc8e7e5e7d5028f549d957bb73f35cecd7a558af34b9b56ee501f25612d1b093d6011da732edbf1b4a2cd7e49e051e7aa60a33f6d3a9e75fd11cb21ba

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
2ae427fb36ff509050e88d3d91fd1780

SHA1
c851c3c5f2817b7964076672b47f47f814163698

SHA256
e81ba4600cbf799c8c78067996b050ee7a93ba0796251dd7a22a95acc77278c3

SHA512
f969f8ba90e767eb338940e13d295c4f0316bbb74ae039fa5d7d1df654c2165df7e7e85ffb533b3984d3ebb3ea82b7e5ca9baf06ec54f5383a59e432093c5a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\bookmarkbackups\bookmarks-2024-02-19_11_hpR55HsqFMxFM2XNGEhK5Q==.jsonlz4

Filesize
946B

MD5
0e62dd9fc763dea539fcca65a9951baf

SHA1
1dfb9c248e3c9669899fcab87c465c36cfb7779a

SHA256
2cd76503ade56e37f2d997f73f19ac1b156cd3493ee7f33c4887949b4d51cfe3

SHA512
1c0a4be5f18271d4e3c175581a1b09451d974a72b3a249fab3c7742abfba55c90a26393ec0c7b787ac09bf37fb206f5a7b4977c797ad60bdb7dd2e79f3f3ab18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\broadcast-listeners.json

Filesize
204B

MD5
72c95709e1a3b27919e13d28bbe8e8a2

SHA1
00892decbee63d627057730bfc0c6a4f13099ee4

SHA256
9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa

SHA512
613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
8e4b45641d19c1f3c2246fe30cb168b8

SHA1
adfc131c25d9ff2085d20fbfaccfa6cabb543b84

SHA256
7a7242b07f22cb381c61f06ccf22d204406b15dbea04c8a398e24db987e1f888

SHA512
f103709b12c73f9139d0853c9ce96c376c7a66960fd941a3a7b148694a99c0c82aca6fe9a2aaca7af79aefc070b5f66daf9cced7599e9bed0617f683056177e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\8405c425-7b9b-47d6-b655-3fb4dcada9a8

Filesize
746B

MD5
90a70252f5b8cd76a937e0aad6e48185

SHA1
3945ec57347819ff779e87db982d7fbfaf2ee3c4

SHA256
ef6ff259a576aa24f2ec282018eb836361611a59ba4d3f73a3afb378ad8a8517

SHA512
7680591aea7b55ad6ee9f59257da024f6f2913d6a7a5b0392ca7a3e5adf8fd92bc01456197847b429aa61199b391be46059afea6899558375ce6af9f5a386678

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\datareporting\glean\pending_pings\e2e56f01-7f78-44b3-b250-f2aac5a32b9c

Filesize
10KB

MD5
a9b97b5843bd74d14c0351653ecadc3c

SHA1
71e2a92e9354bac69317128a7ec40dc9a9bc0db4

SHA256
9194d127080aab129673975138c458cb280298b540048204ac73de738e4910a0

SHA512
3ad5e911ebe263ac8240a0eb0c689c159182f8469613fce847883fb74db08102367edbc693f6df2823b3db468235b46c1cf9db42691335fd35ea7bba7fbcef19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
561KB

MD5
80c3e60fe7596e9e9f4cdd230cebaa9d

SHA1
e4845bddf8a68edd486dc0f948cc734c419f3391

SHA256
14c8ed0139b5d0ed28d32dc170edc21de38f8a180338c2bd9f810279a2cb9ca0

SHA512
891e0046e88ebd5ba1e818ef220d028a336c30db02bc20003492572d24575a41769a044e63926c52c9894bd2a77a7ac2eea05ed0efdcf2ae2b23254bb6d1e1ad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

Filesize
6KB

MD5
67d360b30faca0100846eab028a56400

SHA1
acf20174913f9918f8c8e838d66473f6f7752f46

SHA256
6e624f5184529766d3f8e7e57f148e24223c89900fede156f85035a61f2768c5

SHA512
a647e8295f6cf9dd32f7bf5ad0f1fc9ab5803b8a3374b702fdff7b5985eabe355b6f8c7252714c5c1fd363dc3e860e01d8182ca4e5753a4248e46ec264bbb48f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

Filesize
6KB

MD5
f19b67ac47ec53ad7b98ed300c2cfc83

SHA1
f11a25370167da9fd015d91858a2b18d13272c50

SHA256
569447140cb6d9c17439405c333bff0115d9a271bf7d2ecc7fd918e00279aedb

SHA512
5ba168b81211283201aa8c2b3c3c28a51a58a9a0adbd89ef51170abccea732ac8587a5ea206aae89a6497aa4ed51342fef4c9f7ddab89d495795283bd3d8a245

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs-1.js

Filesize
7KB

MD5
34b3fcd6118be34bda962ccc78fbd88f

SHA1
6d7f8434c257f0e47c1bf2b57195fa243651494f

SHA256
73229317608565fb77a9a15077da65073cf8b0567840b8e6ea5c5fe3798c8a58

SHA512
0e092a8b3aa7c6b88f589507e390799abcba5969379dea55178b0b1fd2dd6f0ca438bf6f7b1f1a2c9ab2fbfe1cc05340c3f0205a472535355c3fcd1194ecfc37

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

Filesize
7KB

MD5
7bdaa96dfa9b1ed6a2fd83d39b9057ae

SHA1
b2c1c1dd78b3abb67585ba79cd85d664801e6005

SHA256
e030f4d2522943b1336879ff576bc4a84131fa5d6e0794421cf642b130e0e716

SHA512
ca7ca682275e1c4309b3395834405eb0cc1f62d49c4e8798bd5ac446fe0b76f987017d5154d8c96ec394733c0528a990c50c28ea34b4bad33fe588639e9f446a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

Filesize
6KB

MD5
d609359ec3502f9828d03f2e6d6b478b

SHA1
a87f5933f52572b9ae4addb60363a61a9c6e26c4

SHA256
f70a36f3f7c07ca1e2264f9f364ce930b75a1aa054d6b510ff5890ab9cfc5823

SHA512
295cdc41348bb2826d6248eb0996f944be58f8f329c72e884b1a45a653fdcb042dfe18868f308fb49e48e9640c270c6683916e85836961066fb10fca6c767d76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\prefs.js

Filesize
6KB

MD5
3f3709937ac167dea4835a2afaf2b9e2

SHA1
7484c71ef7fe34defd6594a129fb984c13e2106b

SHA256
4781363faf0e65496c77db5c4064ab06eb8681e27fbb86b4a721e40a90063604

SHA512
62002b195636f105a29b7e21f1b559d52a6d73beb1ba98dc21742975a54cf616da4c787cf34189f167eadcc8712f6272542c1229dd8a4c69102d1d07380034ab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
a6d73c90bfd86a6b0b6dfb2db9da8e16

SHA1
ae81adb6e71c2105d29ed119e4491d9e6f9d2ff1

SHA256
ed7a0f3306829a411bf936fec8c0b640e5a09f099af2eccfde25b74f639f51e4

SHA512
44c713382f328439bc3f9e695af8ca7da831e036d979c2212f86a2d7ff5d858a875d464e5a6bc6f4671bb52e78ba556b1de23c7081b0bf5b776b34bfaeedb305

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
d519bb3bb0af2469d7b6fb3c856dfe65

SHA1
a51b994076f9df7a1c8101bea736583118c8cf59

SHA256
7f74af1457b2acd353f5b8ad456ec54ec8e83a9ed889a02a72118f2dde03ae39

SHA512
ff2c1df788a3a37a4e99a6ea3f37619f695aeaa5520783319b532c8091d3c0863d8d59ca1d6b7e3b4f9e257b3cd1d4bb1ae4511b4e39b7b92bfb2dbf580cccfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
695b6c7ef28b228f473c9bccc80d478c

SHA1
22b2e4828d363660d67e9399358b58fabedf62fa

SHA256
74a8eb2b5c9fb9df5a27ce81d96362d1d3cabe44b5c6baf742145a93a4a8228e

SHA512
6c0340c27d69df9cab2c186c153f8650206fea183ebe61dd10e379760529683db774bbb9986306ec0931ed5acfa6b047b07af8a1973f44a1381e6c3d8b1f48d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
f533de06102449d83fc1d39325c73709

SHA1
370797161c72cc1da28cffb9e7daadc9d50b9625

SHA256
e156974a98182ae628d1bbd8689b0b74d6916624050a4243859933e8d14ec0e5

SHA512
ea58174acbd38414214de33d4b16596229db780696b73d0f33c8f2f3e554943a927005e3485b8920ddf0668bb518801776f1ff6c7d28cc77f41c94250186449b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
58d1d92dcec2dba454ffd817df3b8402

SHA1
c05a513b248c4267f2fb24f2e3509e52fdf61ad1

SHA256
dd24653e20fe2c6e901088516d5b70e438a235d72c59536a7ba3b76dc7e6df32

SHA512
23eb64ec9aab83223c20fe42100c4eb1cd45e6662419bc36f3ba32d49b73f19d75bb3669e636662421d3a24768581a979acbebccd963303968bb1fafabdf7215

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
192KB

MD5
63a6d9527c45bd92571e454dfe73df40

SHA1
2f6b48f1ba5171077140ac2569246a804748ead8

SHA256
fd3beeb2a8e797ebe3424385d50f83e19517e86e228a6a7c8b956e7d3adeec08

SHA512
de99ec48aa114c9fcbd71a141698f66166974981710fa69813b11d6100eed38f92414ee14f99a05bbd534a7b40450c001a24bad407f1edf49d697c4605148164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jmbcz9mp.default-release\targeting.snapshot.json

Filesize
3KB

MD5
7f5617f80d771e9bdab602b872f535c3

SHA1
4385a01fc7a921c03bcfa139468e5180adcc03c7

SHA256
dbb8d34990c9270d03d56757daeab4b0549caddb6fb5decb3f57849d7c0e96ce

SHA512
dd9775564558a0d75fa7e901ec49aa4c2ac258cb7757ccf5704cc7636f63ea983b1f260e9ac9dcfaf0ac1d957fa21ba28fac1f9dc5dccaf3a43514404691275d

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2402191716571104420.dll

Filesize
684KB

MD5
4f0958f8d2b7b5087879bacb8102fdf4

SHA1
34f00a430dba94049fc9d25cd2bf9d68a34753d9

SHA256
482305e3adaa0e49af5aaaf5d5765f4d764dbfd4ed3a74037ed506385ce90c54

SHA512
39effdd98a71429423c8edc2166628e49a2b05b6445163d08ea2f276f8f907fac31e0a2b9b61f1e198a840e09a1afa653034968687adfc816968b548206dcd29

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_240219171657596716.dll

Filesize
304KB

MD5
54b8a52518cc72954ecac74c2f6dbc84

SHA1
baa8dcc6fd60de1a421f64fff1e61e09c46966d5

SHA256
b5ddcf69a1df110313b5a741b7f608ffce5bdb76804f29033f84fdc60badca3a

SHA512
9191c2f8ea3f21dba4e6ce8b68afaa85151f40f4168854d9eddcf3493f82d48eb88dc9e91fd4ce5ca26e5bca48c7cc6d9cc4951049bfb7864fb55a85baea1b10

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2402191716579243696.dll

Filesize
192KB

MD5
f779b3ac05fafbb7cdc51e76b6f7ea43

SHA1
2f2c336e3151ccf5141008a1ff3a5db8bdef7282

SHA256
e7fc309e31b34fec183ad9ca2c94aead48844ba2136efacca5e24a8d53b26793

SHA512
64359833f0552da439d4db1a49bfb4d9cade04a3842b003b665b35962ae30befd60ba86ecaed6e3624eccb930bf80a9151991f1710915caec69cd3b31e0e68e0

Download Submit
memory/716-38-0x00000000003D0000-0x0000000000989000-memory.dmp

Filesize
5.7MB

Download
memory/716-4-0x00000000003D0000-0x0000000000989000-memory.dmp

Filesize
5.7MB

Download
memory/3696-16-0x0000000000E50000-0x0000000001409000-memory.dmp

Filesize
5.7MB

Download
memory/3696-19-0x0000000000E50000-0x0000000001409000-memory.dmp

Filesize
5.7MB

Download
memory/4420-37-0x00000000003D0000-0x0000000000989000-memory.dmp

Filesize
5.7MB

Download
memory/4420-45-0x00000000003D0000-0x0000000000989000-memory.dmp

Filesize
5.7MB

Download
memory/4420-0-0x00000000003D0000-0x0000000000989000-memory.dmp

Filesize
5.7MB

Download