73b0cf115b4baa06622e67706739e8f47518f912809b79a39366e70da3f560e0

Resubmissions

10-05-2024 01:52

240510-cavmbsca6w 4

10-05-2024 01:51

10-05-2024 01:43

09-05-2024 22:19

09-05-2024 22:16

09-05-2024 21:43

Analysis

max time kernel
92s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09-05-2024 22:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Vivaldi.6.7.3329.26.x64.exe
Size

110.5MB
MD5

d91380acca246bc420a6b7e1cc3079c3
SHA1

6f852a838e0a7dba730167ed514172e48898b41b
SHA256

73b0cf115b4baa06622e67706739e8f47518f912809b79a39366e70da3f560e0
SHA512

c27375d48b49f45edbdad647970c015a020994c80732b35e10c4e6162e75fa91c1703e84baa210f0e6da196ec099a20ff722fe9b8ae052e0213f3ba75756e837
SSDEEP

3145728:z3jTPLe53eikBD/XrxC/vX3Vls/59+kGsyiQfoocU1s:z3HPI388XX3fs/59+BFK

Score

7^/10

discovery persistence spyware stealer

Malware Config

Signatures

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Checks computer location settings 2 TTPs 5 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	vivaldi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	vivaldi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	vivaldi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	vivaldi.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000\Control Panel\International\Geo\Nation	vivaldi.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	vivaldi.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	vivaldi.exe

Executes dropped EXE 18 IoCs

pid	Process
1816	setup.exe
5076	setup.exe
5020	update_notifier.exe
4480	vivaldi.exe
3352	vivaldi.exe
2300	vivaldi.exe
1324	vivaldi.exe
1068	vivaldi.exe
3928	vivaldi.exe
4612	update_notifier.exe
2704	vivaldi.exe
4436	vivaldi.exe
4656	vivaldi.exe
744	update_notifier.exe
4260	vivaldi.exe
2296	update_notifier.exe
1640	vivaldi.exe
2112	vivaldi.exe

Loads dropped DLL 29 IoCs

pid	Process
4480	vivaldi.exe
3352	vivaldi.exe
4480	vivaldi.exe
2300	vivaldi.exe
1324	vivaldi.exe
2300	vivaldi.exe
1324	vivaldi.exe
2300	vivaldi.exe
2300	vivaldi.exe
2300	vivaldi.exe
1068	vivaldi.exe
2300	vivaldi.exe
2300	vivaldi.exe
2300	vivaldi.exe
1068	vivaldi.exe
3928	vivaldi.exe
2704	vivaldi.exe
4436	vivaldi.exe
2704	vivaldi.exe
4436	vivaldi.exe
4656	vivaldi.exe
4656	vivaldi.exe
3928	vivaldi.exe
4260	vivaldi.exe
4260	vivaldi.exe
1640	vivaldi.exe
1640	vivaldi.exe
2112	vivaldi.exe
2112	vivaldi.exe

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\6.7.3329.26\\notification_helper.exe\""	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\6.7.3329.26\\notification_helper.exe"	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	vivaldi.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	vivaldi.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	vivaldi.exe

Modifies data under HKEY_USERS 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	vivaldi.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133597666726227400"	vivaldi.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC\SoftLockoutVolatileKey	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography	svchost.exe
Key created	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\NGC	svchost.exe

Modifies registry class 52 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mht	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.pdf\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application\ApplicationIcon = "C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\vivaldi.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application\ApplicationCompany = "Vivaldi Technologies AS."	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.html	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mhtml\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xhtml\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mht\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.webp\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\6.7.3329.26\\notification_helper.exe"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\shell\open\command	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application\ApplicationName = "Vivaldi"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.pdf	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.svg\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application\AppUserModelId = "Vivaldi.6NW574U2MTBV5KEW24NSNZUILU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.html\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.htm\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.webp	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\vivaldi.exe,0"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.pdf\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.svg\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.webp\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application\ApplicationDescription = "Access the Internet"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mhtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.svg	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\shell\open	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\vivaldi.exe\" --single-argument %1"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.shtml\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\shell	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.htm	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\ = "Vivaldi HTML Document"	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\AppUserModelId = "Vivaldi.6NW574U2MTBV5KEW24NSNZUILU"	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mht\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xht\OpenWithProgids	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.shtml\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xht\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.htm\OpenWithProgids	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.html\OpenWithProgids\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.mhtml\OpenWithProgids	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.shtml	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\.xht	setup.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\CLSID\{065C17BB-F6B3-4A04-BBB0-8103F6C2C52A}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Vivaldi\\Application\\6.7.3329.26\\notification_helper.exe\""	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\DefaultIcon	setup.exe
Key created	\REGISTRY\USER\S-1-5-21-1337824034-2731376981-3755436523-1000_Classes\VivaldiHTM.6NW574U2MTBV5KEW24NSNZUILU\Application	setup.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4480	vivaldi.exe
4480	vivaldi.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	3876	Vivaldi.6.7.3329.26.x64.exe
Token: SeIncBasePriorityPrivilege	3876	Vivaldi.6.7.3329.26.x64.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe
Token: SeShutdownPrivilege	4480	vivaldi.exe
Token: SeCreatePagefilePrivilege	4480	vivaldi.exe

Suspicious use of FindShellTrayWindow 14 IoCs

pid	Process
5076	setup.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe

Suspicious use of SendNotifyMessage 11 IoCs

pid	Process
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4480	vivaldi.exe
4692	firefox.exe
4692	firefox.exe
4692	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4692	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3876 wrote to memory of 1816	3876	Vivaldi.6.7.3329.26.x64.exe	85
PID 3876 wrote to memory of 1816	3876	Vivaldi.6.7.3329.26.x64.exe	85
PID 1816 wrote to memory of 5076	1816	setup.exe	89
PID 1816 wrote to memory of 5076	1816	setup.exe	89
PID 1816 wrote to memory of 5020	1816	setup.exe	91
PID 1816 wrote to memory of 5020	1816	setup.exe	91
PID 4480 wrote to memory of 3352	4480	vivaldi.exe	94
PID 4480 wrote to memory of 3352	4480	vivaldi.exe	94
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 2300	4480	vivaldi.exe	95
PID 4480 wrote to memory of 1324	4480	vivaldi.exe	96
PID 4480 wrote to memory of 1324	4480	vivaldi.exe	96
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97
PID 4480 wrote to memory of 1068	4480	vivaldi.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Vivaldi.6.7.3329.26.x64.exe
"C:\Users\Admin\AppData\Local\Temp\Vivaldi.6.7.3329.26.x64.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3876
- C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\setup.exe
  "C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\setup.exe" --install-archive="C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\VIVALDI.PACKED.7Z" --vivaldi-mini
  2⤵
  - Executes dropped EXE
  - Registers COM server for autorun
  - Modifies registry class
  - Suspicious use of WriteProcessMemory
  PID:1816
- - C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\setup.exe" --vivaldi-install-dir="C:\Users\Admin\AppData\Local\Vivaldi" --verbose-logging --create-shortcuts=0 --install-level=0
    3⤵
    - Executes dropped EXE
    - Modifies registry class
    - Suspicious use of FindShellTrayWindow
    PID:5076
- - C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe
    "C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe" --unregister
    3⤵
    - Executes dropped EXE
    PID:5020

C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
"C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe"
1⤵
- Checks computer location settings
- Checks system information in the registry
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4480
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Vivaldi\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Vivaldi\User Data\Crashpad" --url=https://crash.vivaldi.com/submit --annotation=plat=Win64 --annotation=prod=Vivaldi --annotation=ver=6.7.3329.26 --initial-client-data=0xf8,0x11c,0x120,0xf4,0x124,0x7ffcdad82c90,0x7ffcdad82c9c,0x7ffcdad82ca8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3352
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --running-vivaldi --field-trial-handle=2000,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2300
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --running-vivaldi --service-sandbox-type=none --no-appcompat-clear --start-stack-profiler --field-trial-handle=2184,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1324
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --running-vivaldi --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2500,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1068
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --running-vivaldi --field-trial-handle=3004,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=3000 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3928
- C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe" --launch-if-enabled --browser-startup
  2⤵
  - Executes dropped EXE
  PID:4612
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --running-vivaldi --field-trial-handle=3504,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=3392 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4656
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --running-vivaldi --field-trial-handle=4224,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=4216 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2704
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --running-vivaldi --field-trial-handle=4396,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=4336 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4436
- C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe" --is-enabled
  2⤵
  - Executes dropped EXE
  PID:744
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --running-vivaldi --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6280,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=6300 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4260
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --running-vivaldi --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5628,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1640
- C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe
  "C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --running-vivaldi --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5908,i,11109144247682848556,5279602603141564440,262144 --variations-seed-version --mojo-platform-channel-handle=5652 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:644

C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe
C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler
1⤵
- Executes dropped EXE
PID:2296

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
- Modifies data under HKEY_USERS
PID:3640

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:4500

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4584
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.0.341965781\154985117" -parentBuildID 20230214051806 -prefsHandle 1784 -prefMapHandle 1776 -prefsLen 22244 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {38a545a6-084b-4ae9-b68a-ecc9f9e7fcf8} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 1868 191b1a04d58 gpu
    3⤵
    PID:224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.1.1494971083\326429745" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2420 -prefsLen 22280 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28bfaf3c-52be-4ca2-b2eb-df9d37d6698b} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 2436 191a4d89658 socket
    3⤵
    - Checks processor information in registry
    PID:1476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.2.1337964092\1210960009" -childID 1 -isForBrowser -prefsHandle 3048 -prefMapHandle 3056 -prefsLen 22318 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5885976-27f3-4c2f-806e-7cb194ebf3d9} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 3092 191b43e5e58 tab
    3⤵
    PID:4264
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.3.759527484\261864139" -childID 2 -isForBrowser -prefsHandle 4184 -prefMapHandle 4180 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9bbd05f-c775-4002-a0a1-6f3856f31f7d} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 4216 191b6f0e858 tab
    3⤵
    PID:3248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.4.778857948\2005911336" -childID 3 -isForBrowser -prefsHandle 5244 -prefMapHandle 5240 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3674b11b-d5cb-475c-8cf1-8227855c4d43} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 5256 191a4d40958 tab
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.5.530420281\1564362803" -childID 4 -isForBrowser -prefsHandle 5464 -prefMapHandle 5412 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2383227-dd67-4acc-9cd3-e4b602720a2e} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 5380 191b8381c58 tab
    3⤵
    PID:1060
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4692.6.841548758\1934741842" -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 5560 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1292 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e07f0bff-94b6-4727-9b15-7fb03cab182b} 4692 "\\.\pipe\gecko-crash-server-pipe.4692" 5544 191b8381658 tab
    3⤵
    PID:2616

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\GOWSKSPC\appcast.x64[1].xml

Filesize
1KB

MD5
19d051bbdd7068603ba521d51724f233

SHA1
dc9008dfdffdd8f22d6b6ec1f8dc7634986b3351

SHA256
3ac244dcb3a4f227bc65ad147f523050d9c7f0d87b49d1e5761df00fabcc8bcb

SHA512
c973bf7f8066c9080ed126145fcc6236990b068464469428ada5a31ef18a1a5f2d95af2570ea283589acebf88d8095e7f146e5c2831f7222d765f8a5cd89481e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
29KB

MD5
095474dd97371b038c5f278d528f812d

SHA1
077f6e1b7f9f7c54d22f6453117e420c4b4cfa0a

SHA256
06ce936baf325c82bfe6acec21610da83dec3563b1b537273af79efac0357f0d

SHA512
a8cb107c90aa4849efaf955121ddc11298fa78b2d6c0681c53f616cea92f8870f430c160a6201819f7c8af7dce3b0297436a4ea38b3bde403f2366f07b3cefd7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\activity-stream.discovery_stream.json.tmp

Filesize
30KB

MD5
4d50e2d285e1a177c7de64b70ed4374a

SHA1
8bf2d5c79540ecb62994743f972ff4b2fb8fc981

SHA256
638d8d64aee511df53b4fb79a5ab13bad44a66cc9dd42854e6167b4badc2310c

SHA512
4dc02299f9d8dc5ac54c37c23a241c52f89e47370d8bb411e6e4d1d6ce16ed1926dc5eacf0288d1bc64a812b5cc69d23c5eab0bbd2c8bc9823ebf4b757c9593a

Download Submit
C:\Users\Admin\AppData\Local\Temp\CR_F6865.tmp\setup.exe

Filesize
19.0MB

MD5
cae2b3a1d5fcb12fcf92fda463714e77

SHA1
76a1fcb7f3be5c1227227c178677349c8b5f4f26

SHA256
978ac79d4303555f25b384113de680896fe014cb2f74fc392b3684295320e150

SHA512
981c0381207721a5de42c83f27ff661ea98c6c9071308f4d6ca81b5c7a132b87ea4ab96f61f8e8ce2b8689f8341c96a85d24f4a028050621b54d4bfdcefef210

Download Submit
C:\Users\Admin\AppData\Local\Temp\vivaldi_installer.log

Filesize
389B

MD5
4dfafddb4b3f8540549176d85af7229f

SHA1
3a841617aad640a6f5f6fe52de83f0f352b818d6

SHA256
2f5ae0e4728851dab2db69b73622aa007289e83afae7e2a63699486dde1ea986

SHA512
69251ab1502b8be897d4b13584b008a8452ea01d8d70b77e75e896bbf6613a6092eee41735af3eeefaf8cbcc0449e8add5fe6037d0d9c6154f7b046d0c8d3dad

Download Submit
C:\Users\Admin\AppData\Local\Temp\vivaldi_installer.log

Filesize
1KB

MD5
d1da305a9ce5d7c2ebaa6aa629645ada

SHA1
25e15a8940dbc1229dc874fa7cb06e7b5dc10c13

SHA256
69700cc9340603ba7bc1c57aa37258f178e328523074ff7d41eeadb353989522

SHA512
905f8d25fb5924fb30693f91715da9ecedbbe002c0bc535db0b74f71995a79da69cbdd0b703d59535e2140ec65c98c6ec21535c42d0910bd144f3e20f37b4e60

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\d3dcompiler_47.dll

Filesize
4.7MB

MD5
2191e768cc2e19009dad20dc999135a3

SHA1
f49a46ba0e954e657aaed1c9019a53d194272b6a

SHA256
7353f25dc5cf84d09894e3e0461cef0e56799adbc617fce37620ca67240b547d

SHA512
5adcb00162f284c16ec78016d301fc11559dd0a781ffbeff822db22efbed168b11d7e5586ea82388e9503b0c7d3740cf2a08e243877f5319202491c8a641c970

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\dxcompiler.dll

Filesize
20.9MB

MD5
d1ba3c180b4d4ef504a4fc7792e2af12

SHA1
56b58cde3938ba13e197f9b51e7c94f593aa77d8

SHA256
67e3c9cf5ba538d4afcb72721a7c94ef90af22069943a6a8ccb916575a2a8de6

SHA512
7b9a23791bdce2e77b9ac8785b5e96cef3c2b77f76e32eb0849122525989064e050797b39dadb266d188e4fa65cead4cd9fc1800b2a1b1d4272294a83a180a43

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\dxil.dll

Filesize
1.4MB

MD5
cb72bef6ce55aa7c9e3a09bd105dca33

SHA1
d48336e1c8215ccf71a758f2ff7e5913342ea229

SHA256
47ffdbd85438891b7963408ea26151ba26ae1b303bbdab3a55f0f11056085893

SHA512
c89eebcf43196f8660eee19ca41cc60c2a00d93f4b3bf118fe7a0deccb3f831cac0db04b2f0c5590fa8d388eb1877a3706ba0d58c7a4e38507c6e64cfd6a50a0

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\libEGL.dll

Filesize
468KB

MD5
5c6613f056f7b583348783a75bea4a1b

SHA1
76ed544bfd7248848b282f605c0110bb0bcfdad2

SHA256
de1385b39235ba280bc64f9b5e99c0423404b0e33a19e2cc674b17a9caaa9bfd

SHA512
cb577988fee92d94e6df03f3dca0db2a05b67d25e8dbdc2b73d170bdd0c56a25163bcbf0c067bcc3601647759980f46570daee5a42d5b217114dbf616c50d1a6

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\libGLESv2.dll

Filesize
7.6MB

MD5
71631fe103bef5c9ff5f0a872ef4194b

SHA1
5b14f9583ebaebe9ef7f3fbaecac861467e6982b

SHA256
f3270ad3cb6fa6b7d540c3db93e55562cacaab9f5abaad159a4ee42b96197ed6

SHA512
563dea31d517da3abe72d623252f2f084ff0954f270a188292b84b3b4964e447c188105f463c54976841b4b63bdad0e40550363d9a4c5984b5d9558c5e8a4ba4

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\vivaldi_elf.dll

Filesize
1.2MB

MD5
e9f10c9502315fe0cb47d317b0388cba

SHA1
5f2062b1b29cf099fda3a1404792cf934841e300

SHA256
acdbe2d4df968bb665f9987774034816700a4e720023d3d508b078ec0284532e

SHA512
e82b134ec25205dd902ec5c4d15f86f44c4a24b9031e1aace6cdffede285b31b5c16b88592bbc222ea8f14e81691a69f84257f2297a29670411aff962216838d

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\6.7.3329.26\vk_swiftshader.dll

Filesize
5.0MB

MD5
69287b75315942537572e2ff3304eb22

SHA1
b8b4323079987fb02491ddb128ea1207a81b4741

SHA256
bf77c6e593ce51bb8300ce9ffb79988b33026585411051993859e9c182b2f799

SHA512
986d977cdb305b78b385f636b3d2f319b089a3710a351d860810a03025818dd755c66896f2d615c12dcc1495866c7dbb9ef4afc8a22c017d548b46e74cc1b6c6

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\update_notifier.exe

Filesize
3.4MB

MD5
8795d5b25116b9e340aa4d6f4d6772d6

SHA1
dac003e61ac23e97fccc2d0f70b599c41e7e88bd

SHA256
8c003af1462efde20975f45f45a9d8d93f59da5bd1694e6e931b28da82007794

SHA512
c5de9b9387adb347fb01a0ed5ede9006408cba280788af92b8186a9990838e8ecd2b64e5c376486f7726a7908d148d305a4eb16ad23ecd535902a87029c76a99

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\Application\vivaldi.exe

Filesize
2.4MB

MD5
4bcac3141cfc8210cde396f2b37c0a67

SHA1
1f90a1e006b45117215c7dbb9bda78692c46b533

SHA256
f6b7fa2785a730e609f7d4a124da0a03dc126f8cdddd44aef61865b5d2309dbc

SHA512
8f2baa4b802bc4739b58ce4bd7c33d118c367f0b097119151f9100fe203278b84ca24ff8caeea5df3986f27692eb2f17e89b2fee07f6658efc71face4c9f12e2

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\2fba166e-b228-4fa7-8dbd-5b3622208792.tmp

Filesize
163KB

MD5
2e60b3761696e831e249d20abb168b23

SHA1
aa3a4d0d75f577a4dbd5e115a6c8ce7b5a404a09

SHA256
69403aa247e898b19fda7ef1ba99e1d3bf7afcb8b2f795934497fbdc229a6ac8

SHA512
0554b1c72c8333f5dac213efa869714aec35235feecdd0a7530caf03519e399429d8d38ff8fcbeef73824c812c9b05a7fd16b4099160785f373b9ffebaac3d99

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\AdBlockState

Filesize
13KB

MD5
e6e0d31079bd00673e9c9b9bf455fe07

SHA1
c0c4df86cca8ee1f17ba60ae6a96789f5725db66

SHA256
6e5f6fb46446f369e51232d0353ba0f629938e4edcc7e0f3a36ea10739a2bfc1

SHA512
04e7cbc6560e817abce317d29493642953f1d9c98cfe6b751f49e8cedafad2038485541ee35912a5d84308667e54f488cb821f12dc966328260fa4c72a2ba8bd

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\AdBlockState

Filesize
13KB

MD5
327f92f35e2784dd1d322082c9f83b44

SHA1
2368c8a10333e8c48821673e523eda9d29cf148d

SHA256
be2e5b29c7e581a8f4e6d8a809a9bf1f9f9d2834252470c35cc059f412d5cf5c

SHA512
d7e8b72faba1040f10b022efa9ae0af5cbd09745a1604add77a094361a0e913ac1ea7d653b001cd12f4b94d2ae7d9b6780c659fc7acd64eb083847cfd0c64e93

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\AdBlockState~RFe57dcf2.TMP

Filesize
12KB

MD5
85df25b218d85f7f76bd2b443d34ba10

SHA1
0022160bfd4993d0df43e7993c6a811948111e51

SHA256
848abebc74171032c6105e7157b273339346f4d3219b2a4cd00540bbd3b1dad7

SHA512
6f63e4c1b0a540c8647bae53b319283f1377b67aae32cfba92318b4b5604a0de3aee863345878bbf8390bb56fc0c475cc796651003848eba23cc481139a694cb

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
6c01a74ddc3e41b91701a96b923da27c

SHA1
e113736338f04bc6d63aef8e9c0bfcd26fae17d5

SHA256
8afa4f65cdec4d1ad288e8cb39deb8eef15af058b7462cf31819c7b17e3e5914

SHA512
7788f97cc89a978b2a64c0c46061c247175fb748794476c6e44f1672b3c70fba5b296419af80d04d74530cb35eda436aa0c0a40757e670eea46bb90b499f510e

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
c8b008492c77154aad539b32d3d35439

SHA1
0b5d03e4de4e25641849fc7cebdd6c701c461522

SHA256
8f37f9190af01a003edb0aee987c809b3989851c9d56a386d88b720cbd95f10c

SHA512
b8b229bc0c8b144642111ce36ec514728a0962b80964e182653c29c892375510015795d695d42c08a76d9f4de80a17145c78784adf2bfd775fab8ba4ac12d230

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Network\Network Persistent State

Filesize
480B

MD5
4707de1d88dc24c187f286371801a30e

SHA1
4aa085081b51786bc4ad111c9935f560acb81633

SHA256
e2914d548298637be50de4ee2d7d2a39ca23264c9341c933e7f7391f69cf95a9

SHA512
75676f15f5d3b417d58427f683192a18bf1377bfd638b915608fd25da5751968d7f9387f3da202741541c35fed995f704531dcb0848a2748b673e4458ec41546

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Preferences

Filesize
8KB

MD5
f548207d3a01089354f3e1c5367b44bb

SHA1
5f5c4087cf62944b17d1adc1b30ba92b6dc02547

SHA256
6def3156bc7133cbafdb99777b178eaac87341530156f2c0511ec976a616a3b4

SHA512
f3c77cd7835c29ec80e13c78b0bc8dfa3d3847645bdd87d1038e50046ed03e9b726d5787346bad2402221a23274fc9f212b72afb16e52b451c5ba2bbe994663e

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Preferences

Filesize
8KB

MD5
b628d09b65d6f626fe66f94dac297a85

SHA1
97625460afbbeb0faa5463a0b421558fd3f4fbc2

SHA256
8c9c26a56fa45f987f2aa32204841747ee08681d0112e59ac3c17b75a7c605ac

SHA512
b7483842556a149af825913a143a822010695a58c96004ffccf2764924db375e9abeac87ec9756048c5ef45d160b32dc484c0719695d44212516b65de1373cfc

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
7249a72269cc29e69f98851974d0f054

SHA1
39162471049ee1eefd2052612dc49f28571a010c

SHA256
77c08531747356489367cf90bb3b11845627ad37818b08d4529eb0dd097a85b0

SHA512
d9629fcfbc30edbf55b3750edc0860a48c9808dbf88808555bfd36229793637bdedae60057a6487977a4ae8ad9caca710977473125417ef0038961b9f2200773

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\GPUCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
d211a99b27b9e5efdf44c836c2b0e08e

SHA1
8c918b27b2f293e56b5d6beb607b919676fc782d

SHA256
a60fc309dd43a95ef1d6328c29f98f1f18c226557b2124a46bfc7695ff4ac679

SHA512
969cd86772e098a07ece118d77b58091b4eefbf0f6520489077c8edcad5feeb0f94236ff12816b6fbbdd29738f017e655b5dda626b5ed4f635d2ff3ac5e55038

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\Service Worker\ScriptCache\index-dir\the-real-index~RFe5803d3.TMP

Filesize
72B

MD5
1945b044f4bcebe4d1e39f1027f7ffe9

SHA1
3475b0e7bbfbf1890bd17536863e11a954502487

SHA256
519991d62d283fd065aec0af7b71f653690807af5b25eff9705b8f2152adf0f3

SHA512
993faecbccc6a49c94dcc1f55c4fa75ae511cd5fac33782b47502a90f42a245419d7fe2a321f45e29af480e3f2aab151ff4c79f64c23e7b1d278d9a51f9ce098

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Storage\ext\mpognobbkildjkofajifpdfhcoklimli\def\Shared Dictionary\cache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\Sync Data\LevelDB\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\f6069427-c893-4b73-abaf-37b8c0b8b461.tmp

Filesize
8KB

MD5
42e343ef5dd98fedfb2d07c194a6cfa1

SHA1
469db4fe1444c9064bbf5f5178875aded29d548d

SHA256
1feb99a134c2c4b1e6a82fa9dee68afbfe02a9478b0306dbf00665bf7e6bfc73

SHA512
504bd566f7762310daca2225fd9c4b5a8229777367868b7f912e64e8d27bd1e7052534a544a7c6c0946bb19a77342b3c88188c92cab736b736d814f76e528b6f

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Default\shared_proto_db\metadata\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Local State

Filesize
3KB

MD5
00a9403a0f76d2746c8d8e2409313271

SHA1
43d77459701a7186f59a41378449d236b2c94c68

SHA256
0f9626cd6faa6dfea356473bc53ee7b06e4c9271049aed7a716234606a75c729

SHA512
047d65043ab76d1b4912007b4c01d0e75abc50e222bdf4d65f3d70873c2e880427943a203064f89428018172eeca7a23b2bdb240c9b8d0ab08bfb3e24be2ca38

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Local State

Filesize
933B

MD5
803062978e1355a6228d07a00450b4ae

SHA1
ce0e00c7c4d3cfa0c99bed971c832b1b152bd30b

SHA256
432988b8ea271e956ffc144d752147d29d67d1350b1162b85c122a5ba8d6c64c

SHA512
5b33244b32bf47802cae258868afa654d4979ed677b50b4cb0bb3cdef98be5d04b33154bd0a36c7aeed355314df5015257cd7373ba80ad7913718519bee1f224

Download Submit
C:\Users\Admin\AppData\Local\Vivaldi\User Data\Local State

Filesize
5KB

MD5
540e5b795d4292df195341b52dec8f1b

SHA1
cba4f90a88b54e4195df5344794910ebb58f08cc

SHA256
0b8ccce8166b1b2de3efcf8f716f230cdb391549b742c7599ed1921a76c9c101

SHA512
a084c103e21e2d6d30b749b7dff81401e8fbe279a5c4d0d7e7401b75f3d49caabfebcab4268002d3b97f8ab738a8f3415444f7cde4e3bfd2c281d632852a8a1b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Vivaldi.lnk

Filesize
2KB

MD5
b3ce172feece1f6176d05fa246f3fdc9

SHA1
c7aaeea1093c9a87aaf71ccdeb12a90a9afeb436

SHA256
754a7420385de7072b7b788ccc4203d36cc99d042e4697a14b5254a8d5337026

SHA512
1428008815cfbfcea584484209d964b5417cbd97bc80e593e74933b04555f9094a1f6ee5b847cbbcc6aba7af6199094ccb75defadeb467a82d33441dd1f1339c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
6KB

MD5
561f822861bc0454c228d6d133d43ebd

SHA1
07d9e1f3b8972a7af55d567ef08e1300c3849d0b

SHA256
3738b11e61b1df65faca8e7fb0aa908ff411e5dc5d42d960e34648382ed497a8

SHA512
eefb74f30a27d27c4b0ebe1c94a47294732426b397369527f2d9e08112a2036f585230d04155c935079b495758672b5acdc049c8855d84bd4d0f51292bc6c95d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\prefs.js

Filesize
6KB

MD5
93a38eba4db3d92b505f0d143af0da8e

SHA1
846013dc8912b915d8c6dcf9aa8f76334d2ca76d

SHA256
5032f4f5f3bd685ed391eb27068e5f488ad900a806ee4f4eecb655f627dc5bd2

SHA512
2da4dcfdb7b81020d1ea6c81eac1583bb7c8c9d7dcfebd5ff645b7d5ffaa8300482934d0447cc84fb687c5b17102de40947a3dd9bcaab340db51c7e795f08ca2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ue3bcu6m.default-release\sessionstore.jsonlz4

Filesize
907B

MD5
dce1f55889b59098e177f06c696c215a

SHA1
78202d3232135d51e1a8f690273c0574a5791b51

SHA256
ae6de2c7a5b229db84b509364032e5af0dbb2c68a0e6da194012052642801d4b

SHA512
66632db95f008c53058145502119f3cde6b0a5548aec70b703660f28b71fa6342b310637dd4cb0a834f6deb22fce7e77db9addab9f860b3ecfeda06beac756f9

Download Submit
memory/1068-149-0x00007FFCE83D0000-0x00007FFCE83D1000-memory.dmp

Filesize
4KB

Download
memory/1068-150-0x00007FFCE94A0000-0x00007FFCE94A1000-memory.dmp

Filesize
4KB

Download
memory/2300-50-0x00007FFCE7F90000-0x00007FFCE7F91000-memory.dmp

Filesize
4KB

Download