dbc9a0c0dd324e907212e11a01bf6387eb5221298f9fcacb20c7dc89fe9f7a12

Analysis

max time kernel
120s
max time network
123s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
02/08/2024, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

OperaSetup.exe
Size

2.0MB
MD5

0ed8621a85ab4dc47e59aef9536a1d44
SHA1

f980494ebb1cc3b726155073dfbb7dc7a6adade5
SHA256

dbc9a0c0dd324e907212e11a01bf6387eb5221298f9fcacb20c7dc89fe9f7a12
SHA512

ca6f4d6e6e71c448a51b2ee7d4917d9f37c6ed5d3e56d36487b2526f5b0d3b19d502999b5ff755f0a85ce5af297f82675a823c93255c61121758c1daa3d362da
SSDEEP

49152:4VAbwCTx2h3bfEF337LYkDNqxyAnEnNZeZpWV41ktqwaqawPoSSXPbOvl:0ARTsrfEd379NwyAENZe68kKKoRqvl

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
2468	setup.exe
4084	setup.exe
1276	setup.exe
4512	setup.exe
1568	setup.exe
2912	Assistant_112.0.5197.30_Setup.exe_sfx.exe
208	assistant_installer.exe
2004	assistant_installer.exe

Loads dropped DLL 9 IoCs

pid	Process
2468	setup.exe
4084	setup.exe
1276	setup.exe
4512	setup.exe
1568	setup.exe
208	assistant_installer.exe
208	assistant_installer.exe
2004	assistant_installer.exe
2004	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_112.0.5197.30_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-355097885-2402257403-2971294179-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2536	vlc.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
4428	msedge.exe
4428	msedge.exe
2988	msedge.exe
2988	msedge.exe
3996	identity_helper.exe
3996	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2536	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeDebugPrivilege	1472	firefox.exe
Token: SeDebugPrivilege	5176	firefox.exe
Token: SeDebugPrivilege	5176	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2536	vlc.exe
2536	vlc.exe
2536	vlc.exe
2536	vlc.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2988	msedge.exe
2536	vlc.exe
2536	vlc.exe
2536	vlc.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
1472	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe
5176	firefox.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2468	setup.exe
2536	vlc.exe
1472	firefox.exe
5176	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3944 wrote to memory of 2468	3944	OperaSetup.exe	83
PID 3944 wrote to memory of 2468	3944	OperaSetup.exe	83
PID 3944 wrote to memory of 2468	3944	OperaSetup.exe	83
PID 2468 wrote to memory of 4084	2468	setup.exe	85
PID 2468 wrote to memory of 4084	2468	setup.exe	85
PID 2468 wrote to memory of 4084	2468	setup.exe	85
PID 2468 wrote to memory of 1276	2468	setup.exe	86
PID 2468 wrote to memory of 1276	2468	setup.exe	86
PID 2468 wrote to memory of 1276	2468	setup.exe	86
PID 2468 wrote to memory of 4512	2468	setup.exe	88
PID 2468 wrote to memory of 4512	2468	setup.exe	88
PID 2468 wrote to memory of 4512	2468	setup.exe	88
PID 4512 wrote to memory of 1568	4512	setup.exe	89
PID 4512 wrote to memory of 1568	4512	setup.exe	89
PID 4512 wrote to memory of 1568	4512	setup.exe	89
PID 2468 wrote to memory of 2912	2468	setup.exe	90
PID 2468 wrote to memory of 2912	2468	setup.exe	90
PID 2468 wrote to memory of 2912	2468	setup.exe	90
PID 2468 wrote to memory of 208	2468	setup.exe	91
PID 2468 wrote to memory of 208	2468	setup.exe	91
PID 2468 wrote to memory of 208	2468	setup.exe	91
PID 208 wrote to memory of 2004	208	assistant_installer.exe	92
PID 208 wrote to memory of 2004	208	assistant_installer.exe	92
PID 208 wrote to memory of 2004	208	assistant_installer.exe	92
PID 2988 wrote to memory of 2692	2988	msedge.exe	95
PID 2988 wrote to memory of 2692	2988	msedge.exe	95
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96
PID 2988 wrote to memory of 4692	2988	msedge.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe --server-tracking-blob=MGQ4MjcyMDM3M2E4ODE3ZTcxMWM4N2EwMjRjOTczNDMxMjcxYzJmZmFhOWI4OWYzZThkY2Y2M2RkMjdkMjc4YTp7ImNvdW50cnkiOiJDQSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOiJvcGVyYSIsInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9c2VhcmNoLmJyYXZlLmNvbSZ1dG1fbWVkaXVtPXJvYyZ1dG1fY2FtcGFpZ249JTI4bm9uZSUyOSZ1dG1fY29udGVudD0lMkYmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnNlYXJjaC5icmF2ZS5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NTc3NDUzNzMiLCJ0aW1lc3RhbXAiOiIxNzIyNjE3MjIzLjc4NTgiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI3LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJ1dG0iOnsiY2FtcGFpZ24iOiIobm9uZSkiLCJjb250ZW50IjoiLyIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InJvYyIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJzZWFyY2guYnJhdmUuY29tIn0sInV1aWQiOiJiNjIwMTcyMi1lYzRiLTQ1ZTctYjNkZi1hMzk2N2JiZWFkNTcifQ==
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2468
- - C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.39 --initial-client-data=0x32c,0x330,0x334,0x300,0x338,0x74a2a174,0x74a2a180,0x74a2a18c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4084
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1276
- - C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2468 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240802164853" --session-guid=4e97d3b6-da49-4fc9-ac2c-fdb996d4a0f5 --server-tracking-blob=MzRkM2NkNzllZWRlYmFlZTliYzY2OGM1N2JmYWJiY2E3ZDEyMGM2M2E1MjJlZTg2NjNjMzZiNjE1NmU1YzI0MTp7ImNvdW50cnkiOiJDQSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYVNldHVwLmV4ZSIsInByb2R1Y3QiOnsibmFtZSI6Im9wZXJhIn0sInF1ZXJ5IjoiL29wZXJhL3N0YWJsZS93aW5kb3dzP3V0bV9zb3VyY2U9c2VhcmNoLmJyYXZlLmNvbSZ1dG1fbWVkaXVtPXJvYyZ1dG1fY2FtcGFpZ249JTI4bm9uZSUyOSZ1dG1fY29udGVudD0lMkYmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnNlYXJjaC5icmF2ZS5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NTc3NDUzNzMiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjI2MTcyMjMuNzg1OCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMjcuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImNvbnRlbnQiOiIvIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicm9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6InNlYXJjaC5icmF2ZS5jb20ifSwidXVpZCI6ImI2MjAxNzIyLWVjNGItNDVlNy1iM2RmLWEzOTY3YmJlYWQ1NyJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=AC07000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4512
  - - C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.39 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x724fa174,0x724fa180,0x724fa18c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1568
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:2912
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:208
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0xcf8f40,0xcf8f4c,0xcf8f58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:2004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\SkipRevoke.svg
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ff8230c46f8,0x7ff8230c4708,0x7ff8230c4718
  2⤵
  PID:2692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:4692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:3304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:4836
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  PID:1340
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,1264050347941073420,7313409336207282573,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2420

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4432

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\RestartInvoke.M2TS"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2536

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3040
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:1472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd97bcbf-0cda-43b7-82f7-298dfdab523b} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" gpu
    3⤵
    PID:3700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2384 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e0511536-4abb-4b0e-9a68-8e30910bb1bf} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" socket
    3⤵
    - Checks processor information in registry
    PID:3560
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3244 -childID 1 -isForBrowser -prefsHandle 3180 -prefMapHandle 3084 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {884a0918-0d45-4690-b406-1632ec2164ed} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab
    3⤵
    PID:1084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3912 -prefMapHandle 3896 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67d6254e-3b28-4c11-838c-6ac1fb97fa4a} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab
    3⤵
    PID:3976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4956 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4964 -prefMapHandle 4932 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b4f2d89-26bd-4d30-87d8-09bd50198b1a} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" utility
    3⤵
    - Checks processor information in registry
    PID:5184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5360 -childID 3 -isForBrowser -prefsHandle 5392 -prefMapHandle 5388 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {67ff706f-72eb-46d1-9924-d14e88d6f028} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab
    3⤵
    PID:5568
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5496 -childID 4 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44732758-aa41-400c-9737-4bf05b5fdd7b} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 5 -isForBrowser -prefsHandle 5712 -prefMapHandle 5716 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1204 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ec82bab4-1fa9-4e90-a733-5b7c2c45f933} 1472 "\\.\pipe\gecko-crash-server-pipe.1472" tab
    3⤵
    PID:5592

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RedoTest.bat" "
1⤵
PID:5024

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c 0x320
1⤵
PID:1856

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\RedoTest.bat" "
1⤵
PID:1224

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6136
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2032 -parentBuildID 20240401114208 -prefsHandle 1960 -prefMapHandle 1836 -prefsLen 23737 -prefMapSize 244790 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f80bb32-3b92-49b4-bef5-a299c385b59d} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" gpu
    3⤵
    PID:3228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2420 -prefMapHandle 2416 -prefsLen 23773 -prefMapSize 244790 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d986ff61-bcb6-468f-84e1-1f811625e3d3} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" socket
    3⤵
    - Checks processor information in registry
    PID:4920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3308 -childID 1 -isForBrowser -prefsHandle 3320 -prefMapHandle 2660 -prefsLen 23914 -prefMapSize 244790 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {849b1c29-a75d-4619-9e59-f43329e57c5f} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
    3⤵
    PID:5792
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4132 -childID 2 -isForBrowser -prefsHandle 4164 -prefMapHandle 4160 -prefsLen 29147 -prefMapSize 244790 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {25fcc962-b98e-4f25-981a-6689a067ec36} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4780 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4772 -prefMapHandle 4708 -prefsLen 29201 -prefMapSize 244790 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {64af519a-41b8-441d-b048-08cbf887ef21} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" utility
    3⤵
    - Checks processor information in registry
    PID:6036
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5264 -childID 3 -isForBrowser -prefsHandle 5288 -prefMapHandle 5284 -prefsLen 27034 -prefMapSize 244790 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56e40354-609e-4efd-b109-366b89fd8778} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
    3⤵
    PID:4140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5256 -childID 4 -isForBrowser -prefsHandle 5424 -prefMapHandle 5428 -prefsLen 27034 -prefMapSize 244790 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5b07bbc-a540-4e1b-a72b-d56084e30747} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
    3⤵
    PID:5636
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5172 -childID 5 -isForBrowser -prefsHandle 5604 -prefMapHandle 5608 -prefsLen 27034 -prefMapSize 244790 -jsInitHandle 1128 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {89bacd59-042b-4ecc-bf45-68cb6757f0ff} 5176 "\\.\pipe\gecko-crash-server-pipe.5176" tab
    3⤵
    PID:5644

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
15e9c4b4eefb3e1c08a010e748e10f58

SHA1
3172378f2c7a00553ce086dbf53fcf3126c5a724

SHA256
07b56a769467e8b57f9b7acd9d32da266ca5000803758c18bb6818ac236c7000

SHA512
811058b539e914a812c88543bb6657de736f691d18d6dadb5e1f6ced286780fb334dc5f575babbcf4fd2dceda30d1bf4004b374c5775e7f278346b100b29eb7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d4829218222c8bedb9ffe89dffd37095

SHA1
aae577f33f413ec3d09f2e7ff5d9cc20a602241c

SHA256
49239b229a2519583ba5d6de3702480b8a8ebf3cfaa8945100dbab25fcb02b7b

SHA512
03e26a2e3de41b8a829b5543da504c7d7ccdc4c112d629efcac24dcda23acb50a52b5b99572b5efb2a01cf392a457cf9fac85663b3d63f7606be00dba218f8f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f5a46fa6dd62be9faece9660f8e42f69

SHA1
889967506e452aa1cd2d0f5fa99d97596a8a43eb

SHA256
a605a92915515242c0135533558562b56d9295325c5dd072dbe2c8311a5ccfc7

SHA512
ff20c54824a12ea12a7187ddd9e4880606d534483e4388063c72d3662b6f8d19ea6b3da7e5c5b0416dd7695fb9935f1c733e250cd6fa2de0714a68c99970a22d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59d49cf93b8175fc35a6c127bac1a87d

SHA1
00e5ef9318eb7e6f6189859e512887f970d5fb91

SHA256
4decfc42792b386a6e49c2700aceb70b343263f93e906586ff10511f670de9ee

SHA512
35038180410db2d57a04e6fa59759726ef596085f659909f9c6f5142b29762d56f836f076e95982ce0283b73f3c3e357f3b6513f71c09408846773a563fae16d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
7915ba0545666aa5833cf9f9f86d45d6

SHA1
743ecc319bc2a54973582d4a5198042a48fbe8db

SHA256
f8fcc045da13bde0f5dec3ada86342105cbff34ebc2442bcf51e8ed509a95b20

SHA512
a53036251a22cdc95579ea8641c5574f1dc1f7dfd0390f00ebeafbbea0c1a2c0c3e6dba23bbbb8d8e2c77a3e1e816ccfaf84a97da1c334019c8df1414999d1f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b8a164ffefad7aca827c8e08f4a30029

SHA1
de5b356c73486c1c5486ac748ea8f545479c93b0

SHA256
9c4b353d4a11b83af0b00c5269a8126d9836e0a64706129d5270221b12942d67

SHA512
1b394e8177a6b80cb37a79a8d2541b5940e7adbf8769680777b36cad1ad97e8a792abe5e395e656e9bb620ed98622d8bafc58aab813dc6956028ed09e183062b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\activity-stream.discovery_stream.json

Filesize
27KB

MD5
9c4f6948846a6d1a5fb5654e26088043

SHA1
ae37aa76a950468408b4f3347514748f5bfbeaf8

SHA256
db4d78fb3df8060eefd7442e43006baa03c38add170b95fbdc89110745f39ea2

SHA512
1e22bec10c40ad52ae67c4e7a1e6100f23bc5657f72a0dbf0c87b4fb7e7fa61c64bd34f0d8e8bddaf438e9c0b3e240474b9ae2b6de2385e3cd87d7fd19bdb1b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
63a2cb4eedb04d98736f98ec9827fdd4

SHA1
d072b3e4203e0159715f7d872679c098852de60c

SHA256
a227aadc27a9c21c346a9ec0dad56779fb1484cdf4d316599422d7301676ed65

SHA512
10e678cab689ae9c80879c3de1abb77c27e971356ee23d86b8433ea896c7e6feb021636b1b71fbbaeb1afb5def0b4c8d6c3c7e0425d0a050045688be172cd5d9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
7526b65a86010a76bc52e1be66cccab6

SHA1
7566eb0af21d53e05aebf87b3c9a4bd548857e72

SHA256
fd0d7d5030c6eecd8027a289ffcac6978d5a729fc2e72a6881cad11da553e7e1

SHA512
c822f407c7dc18213904671d1024844d5099813de99842ed17e7dacbf8035eaf933679723e4274396ab31c7bfd4007b39cd6656908c272ddda582bf6dbf1694e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
15KB

MD5
117179b410bbe9fdfed390eeb0988bb7

SHA1
d8c567d5fb25944ca224b110fa10c2291afab061

SHA256
8e88953a35af4752b0842acfd535063193804258b2501a84c8c8d39e438bfb08

SHA512
1813718764d4964ae2dd3127279243c889ffe170736d0492b2ce6044a41dd6a78871a99f09794301da1a4df61da7ea41ccd56acf876cf71c7bb8381434c9c7c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\8A2034D325DC0B5C9E11EDDA3FC70A54C8DC1C0D

Filesize
13KB

MD5
b52d1b498027dedb5396e0080c065543

SHA1
0590e4be7a4ecd6fb2b4660c3e21ecbec4947360

SHA256
de880d122cb00c419abe79c4c169d448a603ba4c1b5769c566347640700e3608

SHA512
531cda6d7029f80b2d380e29362735875a2fbccf6440f0789ee27aac51ff4dcf6db352f32dbbb065365de988404e1912315b7890ed0d0ddd583a4737006c8ce7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
138KB

MD5
f7dadf2995bf98fd85b6098fd72832ed

SHA1
905fdf549f1b1aecd1a729f78644c82971e34587

SHA256
a5dd9b25ade459941342d99c31cd0ee4b9dbb92ab47a3b3c4d02b14893fbb861

SHA512
4816a00fd4c2af45a52f5bda59ebc0434bcf3ccbfde860a82e7d6b072ec0d023d8df5d8cadb84aeec6a66612bbecbc343ca27e3326cad659fb1bbcb6523ef3e5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\ads-track-digest256.vlpset

Filesize
54KB

MD5
64d20d05a5e1dc74631f0b7efeda7ee9

SHA1
567a2116f2a6e7db0306485e64b170e7c8b6e3ae

SHA256
b224780de64479dfe67affae848dff9e838628ccff1d9515cbfc8ee074bd48ff

SHA512
529b682913b709af8eed4fca911224b1b691e94aeccc99951b8c970dfa8a7776f9ff2caf311ddcee44910bd7e3c419fce01cd8f32f41aa781ef3e020569fd3ca

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\analytics-track-digest256.vlpset

Filesize
12KB

MD5
01c9d44786c5994b56eccfa294d701f5

SHA1
1f1ec326e812ec296f97c675e39c60794920ffbb

SHA256
f3560ed7c826289cfd01f757d3e20273ca261110da70eb32c4d32d3c2e4aa2fc

SHA512
ed6742bd469d7d20bb94e5339f276a6b202706e04c34ad5ceff99549a6632fbcebd7bd5510843c0cc589b508cc80f45ba6bcabeb330d2bdcee9f1ee38f662a03

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\base-cryptomining-track-digest256.vlpset

Filesize
2KB

MD5
75030fc0c97997338ab538b7615fd829

SHA1
dac3d0bb59949f922b99e4c0dcc6c705842fd6ad

SHA256
50780f9fd932d7707a4bcb454c7bf031205a22fcefceb5b9cbef3fc43acb9bcc

SHA512
21ad8d76b2a24d5cecc065ba9b5250cfc0f29265e741ece2fc30958662f7f820ebef5db476636cccbe5ed632006ad0fab22c42a05b714cf89a2fd93a89790174

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\base-email-track-digest256.vlpset

Filesize
6KB

MD5
213325f07445a473bc8b8e39ddd01f1a

SHA1
20008e14f24d114deea0193f3d4f41926a1d42a5

SHA256
27dfdce520faff676208952b08a0c4fdeb47eb8b506f69bf5ff2344d2b1b5a8c

SHA512
06ad311be8844db4d42250046aa0b875239ab6c31b5540d056f30ba1ad262eed0baf567717249574b558ddf0e0814f08554dbac4331b08abde7b1293c023342d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\base-fingerprinting-track-digest256.vlpset

Filesize
3KB

MD5
616affa2edda8a3e06dc1b85387d4246

SHA1
432e6e9144cc96cebf9f1b25b169eb0c6973dd44

SHA256
b2e4bb7de736b399f2caffb7274579f46bea111966ecc459ea6a6c02bc2aeb85

SHA512
98294b41e7a6020c2a6623d3b6e7b6f4b93f5545f4aa39470c6f588176d36febe3ff6fed102e215f0da811fd3d8926e81ea670c4d4bd952d62f7cbbd26ff98b7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\content-email-track-digest256.vlpset

Filesize
8KB

MD5
af57a9620d86696b2bbffd0b7499e8ec

SHA1
0313dc7c50eb67d5974a95f8ad328e6d418751da

SHA256
ee6ff9bf6173569890e1d04556f5d25799898b3f18b7ac1f5a019d36e5d4e2ec

SHA512
cd5f88a80a0be1bbbb2b90b052df13dc6b2398e09eb4f20d613f81b86873701e959a2c33105730e338c693ceb1fe51c0e3f92b7df158c754e2f17c97a4c1db9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\content-track-digest256.vlpset

Filesize
8KB

MD5
68aa5542abf4f84cdf32f68d15ec7d87

SHA1
d19e327117566e16129319bcec12b11db1c42e47

SHA256
e80b6d551b6b93cf01fa2774746bcad9d365f509776659b84835f30e0aca1ca6

SHA512
7679f7a14c2bb7351789d4acb2b8edaea2c4f613f70492577d2c91afb71574087088c27727dfe0765cebd19dcefd0738234f64bff242a75948c61e066e37baaf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\google-trackwhite-digest256.vlpset

Filesize
1.4MB

MD5
c0e1ac752cb716038a8245aa68af4c1f

SHA1
52152c6f058aab68f996311e424dd30341200fdf

SHA256
e448d98c433f007a572960b5a956b474528893020773110d6921767becfd3837

SHA512
a44670bb0e64bbc28bb647716e000405688cdcf62b841619fb00307b29163d9477c79260485d0a7675bc0f943fa343ac01d2225baf01b27ec098e2e2354b1150

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\mozstd-trackwhite-digest256.vlpset

Filesize
290KB

MD5
41fae052da51d99364071f405c6c003e

SHA1
04c88b9e06fd189859e283d0e8f945ccec7272db

SHA256
32fd3723664e71d8b405ff333c9140dc5cd221b7d20572255a41609a95001db6

SHA512
a47ef3facfd5ec05e8579ad1759b131eb2b53f55e47daaf7924d11d26c2b5867b489b0fc510245f13e960e7485ee1ed3080e1747033ced720485a716c119282b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\social-track-digest256.vlpset

Filesize
2KB

MD5
724e72a447fe71f26bf2d238b74ae4fc

SHA1
f523d76ca8dc7cc125572e3d72b142de0ab3b387

SHA256
239eed59fd36f00c99db1e31a50aa8b0151e4c9a10c73b2eda66c7370c591e60

SHA512
dca33c41afba5474411fb3f5e0a1b59aff4268613ac04c9ac9eda1a9c6dc705de300a9b8343dc7aec4f1cdf2dced5e6ffc8c48485f3554fd4497f7dcda4442a6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\social-tracking-protection-facebook-digest256.vlpset

Filesize
485B

MD5
daaa03bd7519da1744f99811880c2e54

SHA1
3712d23c4138e87c8213678d0047968f6539eeb4

SHA256
3de18607bf87948b854949674e41d74373a8f8def1fd4e84b33a61bab84de49f

SHA512
cd65857f2f7c8f967050671b91ac85b7497fc2887332a5f289ec747ae228e4658d1b8b6f0f856b47a5d2d8346436000370fa85af9038e1870dec32ac62af34e1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\social-tracking-protection-linkedin-digest256.vlpset

Filesize
165B

MD5
530d70dc8f251c579d059f5b1b73fa9b

SHA1
78b2a695f8741ed92e534ed431494d1adc566de6

SHA256
db7ec6c7001da7cc14c7814fcf8ccb76f689d20adba407d0a2b90febe1260863

SHA512
3e69371ec0801f952072ba0bca007b6e433eb744fd2aa8228d5ae0a0ed11943eb6bb035e44d05a013803eee063740fd34fa02a5bec18ef5175ae2472734f8148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\safebrowsing\social-tracking-protection-twitter-digest256.vlpset

Filesize
293B

MD5
8347e3838b3f176a0c4f78364fccbecc

SHA1
d68d4ff0bd768fb685bbeafe39187110c6ffb32e

SHA256
510dd943627bc1e62bd8d6c01ff3b448934813084c00390d33c9e60772bb529c

SHA512
41d7235a324bf27bea6cbb31271f20b132ceba2e6fb5a3f9acca132ac12771237b77acc7f5dcb8e11571beee1d7d6315ac1723476cf4c0bc3cb01307e8b22e1c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\scriptCache.bin

Filesize
8.6MB

MD5
42ef850edbc139a84e7e3b20653f072a

SHA1
8f4865cac36ba29890d1d0bbec93d36393d545c4

SHA256
4770d7a9a2fb83641bca7ba915eadd15fd6349d4a0fe3e37627550453feb08e5

SHA512
aceaca216366d624744005c55acc2c11c065bdf54c309358973d9cec1fca7f9cd9b12573c2be7487dba3e5147ef8b01ccf9237492bf8086deb3799eceab217f6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\urlCache.bin

Filesize
3KB

MD5
6f022897680c1c30565aefeccf6ae91e

SHA1
4426173e150a261fc7c665231400bc124ca2c31d

SHA256
21e89d5e99d38810fb46c7d275357fb11682fa62cd067b109d008055e56b2760

SHA512
e8334807375142f70d825561b238f432f0eb78e29234aa4aca070291ed0d803de484ecb111d78a26c538a1f48bf1bb3e8b980ebd0ecd1e863d4bc47bd5eb1406

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
ea41ebca22c5a7b2878549e58876e4ef

SHA1
ddda141a1cce35c84bd704860142ba67f3af5704

SHA256
ed4d19cc1724d88efad5d127447407d9dc58954b5b012c6ee0995f06a4c4f35c

SHA512
926a825a5c596069726007ed9acbbf1e29da5edd9948765880e17213ac552955432d121f972f8a1fe31af11c141166e713b86c0c29d34296b92e00b71d796582

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\additional_file0.tmp

Filesize
2.6MB

MD5
1bf64fd766bd850bcf8e0ffa9093484b

SHA1
01524bb2c88b7066391da291ee474004a4904891

SHA256
58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491

SHA512
cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
9afe96db501220cf42b262fdac954dc8

SHA1
d3471998f674b267256e72a30977a79abcd8fca9

SHA256
fc5608bf95bb02e889aa9be15abc5c066acd62ba07f886b323383e75909a2566

SHA512
ecff52ca7467e3948faa244c1fc7c3d4d1f1dbe74077d071b78147729a078cc6a676212e0606111edcf542d554045c4f5a4d502545b2f0a285cda6c5d0b69b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\dbgcore.dll

Filesize
166KB

MD5
e0274730d20eb9571d59f2da20d165a2

SHA1
b746aeca5f7cbee0de163309c9d207c94f9b8d64

SHA256
c5c4c6430bcfe6118a4f499c94afa460401e369dc548a24688532c95fd202ec5

SHA512
d95998b69e6c3d25037e12e038f2773960de2d18df1af0342fd805c7c349bd630a21d0e0fe7490baaf274e90781ebf6a2667e64593f9d91174d040bfe640bddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408021648531\assistant\dbghelp.dll

Filesize
1.7MB

MD5
6e9976cc7b2def7a37106703e47626a5

SHA1
edcb4758f8ee56e9c6515f912d5024aeca9ead50

SHA256
fd8840fab4b61db4e9e09168e5b1b4f0e9bfea0a64482fd475ab63c712b92b9c

SHA512
27091e6ad001dac22897a295806925e02f693096d79667e587de74ca955ffb9b2773b22c83e306e7164862524e02ad028e68684c2ca7d9e4da1ff03787dd40ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS86F4B638\setup.exe

Filesize
5.2MB

MD5
f234c4f296e58a704363ba1b6547d2e1

SHA1
c7d18136a216d13684be54596f6e4d1a2e86f088

SHA256
f6e43c32e89ced0b6c0d88e620e23b80a4cc440a838a733ae880b078dd62458e

SHA512
64f1a44807f428c004b2e752b39aeb0e8b4310b713fbf90e31dbe16ef40c31866bdc5aa25e3bb6ecaa6523da4b412265cf74e149d20a2ef37d8addc816d14c9b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408021648519022468.dll

Filesize
4.7MB

MD5
c422732ce5268fcdaa68ecc576c3fd38

SHA1
7fb88aa9641d9a70ec88da22b25f55914e6f958b

SHA256
a8c8fe6990398fdb6fef6c64d4b7648282580a14b923b2a7b3677a81300d793a

SHA512
8b8337b1137810936c1ff5a7e6a59ef0c9a60bb0928547aa6d70cb1a42ee554b1efe92177879e0ebc9b80f92c43c3f45848d1ac7a644203bca3bc8d04441c9a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\AlternateServices.bin

Filesize
6KB

MD5
3206aa34e0e45e2090851e7215b032d6

SHA1
2cc3f0c0545dc1b459ab6f55b6acc53ef20884cd

SHA256
ff864fe08e3d5c958e4e680a8dfbf7f1bbe1a2a9126f2ba461061ca597e47645

SHA512
87deb3bbe42790af5937ad6cd81c91c7138f9fec1d6788bc332871b987a80fff9221685ad361bf97c9cedd9fe076e9d9270e3170b735d594b4b8fa987513600a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
568496dbd3d61942a120ecd4df05ddae

SHA1
a8a7f2d726f021e88fe3708fa8bcb4e7e2fafd08

SHA256
71a8313d2e5e7cdc6eba85ba6f6c8c74b5a7afd7df363b13cc7e6c07cbf155f8

SHA512
2a137b90c4f8aaed26ab132273444cbcddba33e5b37f6e06190da2f53f27c8fbe7d8b38a3e2c1deb5825910fe58251f902fb905d27e257a4a9cdedab30c7f0c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\addonStartup.json.lz4

Filesize
5KB

MD5
e0573c5353827e3636ad1ecc967688fe

SHA1
516468aac41d97bed72ed2113b4314c8749a389c

SHA256
480b99af5bc1c56109d54dcdbfff1bcda29852a454150b6cf09af4fd8adcb331

SHA512
d2469436afcdb4f295d5a461f1a34162f795c81b9bb75cbfa33e5eb55c384bcb36914518ced53d8c2c97735bff61191e649c5ce212562273f028998531ae1b9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\cert9.db

Filesize
224KB

MD5
5f8c97261cf582744bd3b07a0f98e0aa

SHA1
fdb1c1dadadbcb59aed5d8bdb59eb678276a891d

SHA256
3e1cf4b7addc807080a9831f1a46cb0ec98b1ebc03451d32c5d8ee678d8cdb61

SHA512
40af606db98d1177f2bf97ed8aca29ee3a4c504d4a1614c7481c18cbbbc7b4ec18fd10a071ac6a6b371b4fa085c4a42ceda3be888142fa6a0e617951fa955f66

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
24KB

MD5
a1e4fe52bbfd4d62efc20464e18a1eb5

SHA1
1d5935d8012a9c9c8ea865a4f193d6cbc08f4e5b

SHA256
f477a50fa101240d22902e831a9e1dcbfa5a427ae5191f00fd7eee346f973a65

SHA512
320f8f42161f671d292a1baa59bf63cf243b093a16f59354c74d2dc4c91d36f0628f90322eaae6870615cc196ab0f321b01363a983ded705cf4799b409fecffe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
23KB

MD5
a8b1c08336d1a79ad5b8083b09ebc305

SHA1
d648dac6c292f616c6269508585c890959730722

SHA256
70ac259d1ff6536b12744e1401764d7e8e5ba3958828994c380b217b5176b589

SHA512
7444627b87b8076dd026b165f01f2f0e98663d0fcac7f30ee0ba99a10afe37289646bc1ae804d34b4d9ec9374d82fe00be95a6d1dc7ec7d8e78abf7eb1c59f16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
f4f39c14d3c353dd8ce108a074a74263

SHA1
261ab7b92411cb76be63440fec00f28940ffdc60

SHA256
f3ead587a3e5da2d0ff4090792533539bdaaad8632ab7a8f61c7898a597aabaf

SHA512
3d6fd8740862b2139d6106b999c1f5954d086a789dd97f03a8e2212a261d1da7d2edf1aafe7209a60080da715ab8d797556469687e3c0759fafdd5a89fddef34

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
ada95c23e90169198cee6b290001d697

SHA1
287aa704b6a55066964821aa8dc8043f617d11e6

SHA256
5ce037bd3c31da5e78680a32af9718703459aa9cb9bcb7377bfeff516674f4b4

SHA512
b79fed45c339c761b7ba5e5900738c64e968871e3e6b9918d1b4a9526cd497f61cd89880f5c55ef7f354f368f97bf47688dded51c3f7870178d1a9cad273f5e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
25KB

MD5
b746db945333e3d580c4f7860cc3dc3c

SHA1
23a879c7090da33a3f93d3eb6f56d31da9603690

SHA256
41d67a7a748dbbf986063434281f77c805b802f50c4f09dca19fb85d2695907a

SHA512
f564304f014f9224a534609c95fb8467de64e228f971cc2c6777810ea4fa87d675ca427148d093b56106b188f78f0a72f82c7c5c3e39da993ca35306111bb599

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\events\events

Filesize
104B

MD5
defbf00981795a992d85fe5a8925f8af

SHA1
796910412264ffafc35a3402f2fc1d24236a7752

SHA256
db353ec3ecd2bb41dfbe5ed16f68c12da844ff82762b386c8899601d1f61031d

SHA512
d01df9cab58abf22ff765736053f79f42e35153e6984c62a375eb4d184c52f233423bb759a52c8eed249a6625d5b984a575ca4d7bf3a0ed72fc447b547e4f20a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\337ffe42-bddb-4289-8b6a-69bb6a63d251

Filesize
659B

MD5
a1182d8a68d4f093f47b11189e61d911

SHA1
ac8c5352af7255dc900e1144e5ac4f12da3d86cb

SHA256
cce957a73c7f28d85cfd589d9affbbbf19c9ca27622448ee0a8ec4827bd3c7dd

SHA512
a88d20614c9e4c8441fcce9058310e0d32d36efe5b5ff4f7954ddbf7bab40592de25137e1b9b587a735ff71c3c265f3c8c7b26666e1f5088cc37a14fe773bcfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\342c2fdf-97fa-4430-914f-46ea4019d786

Filesize
982B

MD5
473ba0510af0abe291c4a34a896e2315

SHA1
eb351a7c2e4eda2964d1c2f0541362ac3755f398

SHA256
e1a21fd27fb1999a8615eb20d6c1d44363018f7eaa99ac6b045e7f10e0c3a6ce

SHA512
dc5ec130b039b5856d3468f4f04ab094cd10fdfd85db45a50b591d0bfb78256e33df66f2240bbbaf0ccfb0c24ee2fd7bd4a7d8f8002116fed7b5ec749e174bf2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\347dd75d-e930-4845-9f0a-2874e0e9ff91

Filesize
905B

MD5
bffc6cc80695e62e51eb83f38fd0e85e

SHA1
a4d136e3ead54159b4a8953aeaffc4f29d4e3458

SHA256
2fe02a9441cf402869c198229426330ebcd9e9e6b0ae5b76eee4d157b3e10ac1

SHA512
ebf952a57432b8e3290392971b19aaffdaa982807915473a7123ea619e703b7f89affea4345b125c08e845cfa58f546045fb80fbe9046b7c1ef14c8acc2a76f0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\datareporting\glean\pending_pings\8a66faed-f161-4b0e-939b-bb20ac57ab07

Filesize
659B

MD5
861a8160e9ea2bdd4eaae9185c609073

SHA1
0b285af510fdb85e6edccb0eb9be8900f172ca7c

SHA256
a642edb0c7f115034044a1dc554de98463ea290f21ac3284cd0de0e62add3e7c

SHA512
019cef53ef74d542c17acb53327459f28395f6a71865866b5929725638610b275fe7eb3046bbbdad971033fdec001fcc02c40604472b8d9952bed945e14abfcb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
11KB

MD5
7adbc6793a432afda69b6db685b66602

SHA1
919861c5e93959190f9000452f413c04f39c2559

SHA256
8333f893b4b90b565203829db28b33981b01210de75360c0edcc7860fe0090e8

SHA512
10bf7b94fa705db09f80e913181ce7e3e15197a4c3088a036a465f3216640bd79f630c6f51edd425e5b85fd21474a0e7758c733d995e8bdea8058f13d724e5cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
10KB

MD5
c98d2e009bfebf9f65dd8bf54b5d956a

SHA1
a47267c6b5899de339f83d30a3b9b1315bce0434

SHA256
c7cbc863ae6a4dd332687c3d0d1c15d2f0c4a8f848b7347b621a03cf5dd2bffd

SHA512
d57d5ddc3ea7e03eecd58fbe3f4d7e9f93c1a737555ace2d8a3cbd36c806766a3b2566c4e2fce0cc3c95001ea44481f4555de3717fb2789a4afa0f01ed7cda11

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs-1.js

Filesize
11KB

MD5
ba6d6894307a9290692ecadbcf5135dc

SHA1
9e5d6f90e01cb776edfcb1ad056a6a7c01f4cd90

SHA256
3d69ef28b56950492671335dd8d4f762ea57167444c07303257aa018575de4dd

SHA512
00bb69a1ef5316260bb5dd271a161bc3e51a64077aa0eca88489dcfe32d28b0d57447b5e8cc2dd068112e1ba104d7360408785b05543d65cf613f9195746cf4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\prefs.js

Filesize
11KB

MD5
ee98bfb4f1b23984de60829cbc97b244

SHA1
303bd0bdc82fdc8efed8f26f9a9f47d80c88be5c

SHA256
c1b93a65eee1da1d60c841308a893811d673366b2fb18315532a8c47bc9b83a2

SHA512
241a57bb7d2b7bdebe47c849eef1c5b64ba98bc6a0e42d907985ab8bb39a7c7a9005d4b2c822f7fe8845fcfc39afbc1baf14926d369a1edc863a91c630176dcc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\sessionstore.jsonlz4

Filesize
1KB

MD5
0fa3c37bc362509bf4cf5ad769138e8e

SHA1
4231c8e4b8008677db1226e06456b00c7b60f423

SHA256
ee005009b62c72e91fcf9624d52bb2125c606beb782a509811f697422d2ebc60

SHA512
80894b0545c48e8605166441fe7cfe4774a9b15c76ac846b4e4da228a82dc3e259da8b27531063d893522e0f9574e8284da7d3fb95a02556f69e85281e485ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
5865cc0fb9773240a1dfab28deeca879

SHA1
a8bb6a0d6c5e8a291c0551bddc6468a3bf7bf559

SHA256
02df3c7ad9d44827da28423929ee62f29e098e044251fea01c122ad41d2b2ed9

SHA512
b95c6f2391653df9059fb4627629b70426510aa3ae6b9f4abd63906031fc5105e7e6195ba3bcb62c71285bb5335fd07e5ab4bce3fbb1b5a53d79d1fb6c620c68

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vpqsq2xy.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
1850bb03395a9e7087a9070c7eb89a6c

SHA1
aff1d423ddfaf5dbde458228dd89cdee2c552b4b

SHA256
61b7be39642eabbdd2d47e25d05b409574c9fb435535d8c15e8a5f867088d235

SHA512
287a90ae690b7ca380b7716c54b82aac0ec04f092b4ef5750637d4c47ec4f99951e43f0e28cedd5c6f747d7b06dc0c5b64035bbf9522fdc2627ae4e925e57981

Download Submit
memory/2536-235-0x00007FF823920000-0x00007FF823954000-memory.dmp

Filesize
208KB

Download
memory/2536-234-0x00007FF6AE090000-0x00007FF6AE188000-memory.dmp

Filesize
992KB

Download
memory/2536-236-0x00007FF813220000-0x00007FF8134D6000-memory.dmp

Filesize
2.7MB

Download
memory/2536-237-0x00007FF811D70000-0x00007FF812E20000-memory.dmp

Filesize
16.7MB

Download