hxxps://www[.]opera[.]com/gx

Analysis

max time kernel
1379s
max time network
1328s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
12/08/2024, 11:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.opera.com/gx

Score

10^/10

credential_access defense_evasion discovery evasion execution pyinstaller spyware stealer trojan

Malware Config

Signatures

Suspicious use of NtCreateProcessExOtherParentProcess 6 IoCs

description	pid	Process	procid_target
PID 3856 created 5444	3856	taskmgr.exe	287
PID 3856 created 5444	3856	taskmgr.exe	287
PID 3856 created 5444	3856	taskmgr.exe	287
PID 3856 created 5444	3856	taskmgr.exe	287
PID 3856 created 5444	3856	taskmgr.exe	287
PID 3856 created 5444	3856	taskmgr.exe	287

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	mitmweb.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	mitmweb.exe

Executes dropped EXE 35 IoCs

pid	Process
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
6672	mitmweb.exe
5440	windows-redirector.exe
4768	mitmweb.exe
6216	windows-redirector.exe
7080	mitmweb.exe
7048	OperaGXSetup.exe
1392	setup.exe
968	setup.exe
5648	setup.exe
6116	setup.exe
1560	setup.exe
976	OperaGXSetup.exe
6868	setup.exe
4860	setup.exe
4868	setup.exe
6528	setup.exe
5880	setup.exe
6276	OperaGXSetup.exe
5444	setup.exe
3192	setup.exe
6240	setup.exe
6360	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
3872	assistant_installer.exe
3764	assistant_installer.exe
6964	setup.exe
3352	setup.exe
2356	OperaGXSetup.exe
2144	setup.exe
4788	setup.exe
4584	setup.exe
4080	OperaGXSetup.exe
6088	setup.exe
1100	setup.exe
5340	setup.exe

Loads dropped DLL 64 IoCs

pid	Process
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
6672	mitmweb.exe
5440	windows-redirector.exe
5440	windows-redirector.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe
4768	mitmweb.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	mitmproxy-10.4.2-windows-x86_64-installer.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 5 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
6632	powershell.exe
3996	powershell.exe
6920	powershell.exe
6216	powershell.exe
5816	powershell.exe

Enumerates connected drives 3 TTPs 16 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\mitmproxy\bin\_internal\itsdangerous-2.2.0.dist-info\WHEEL	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\ucrtbase.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\bootstrap.min.css	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-profile-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\app.css	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceQuicIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\service_identity-24.1.0.dist-info\WHEEL	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\_bz2.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\license_files\LICENSE.APACHE	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-heap-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceRedirectIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy_rs\__init__.pyi	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\RECORD	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\base_library.zip	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-debug-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\license_files\LICENSE.BSD	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\certifi\py.typed	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\charset_normalizer\md.cp312-win_amd64.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-interlocked-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-timezone-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-filesystem-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\publicsuffix2\public_suffix_list.ABOUT	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\layout.html	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\firefox-browser-brands.svg	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\windows-brands.svg	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceTcpIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\_wmi.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\images\mitmproxy-long.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-errorhandling-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\resourceJSIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\WHEEL	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\libssl-3.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceJavaIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\licenses\LICENSE	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-synch-l1-2-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\_queue.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\_uuid.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\python3.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-string-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\itsdangerous-2.2.0.dist-info\LICENSE.txt	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\RECORD	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy_rs\mitmproxy_rs.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\_ctypes.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\static.js	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceExecutableIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\mitmproxy.exe	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\certifi\cacert.pem	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\cryptography\hazmat\bindings\_rust.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\pylsqpack\_binding.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-file-l2-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\select.pyd	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\RECORD	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\blinker-1.8.2.dist-info\LICENSE.txt	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\linux-brands.svg	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\ucrtbase.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\%AppData%\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk	powershell.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-convert-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-process-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-runtime-l1-1-0.dll	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceUdpIcon.png	mitmproxy-10.4.2-windows-x86_64-installer.exe
File created	C:\Program Files\mitmproxy\bin\_internal\service_identity-24.1.0.dist-info\licenses\LICENSE	mitmproxy-10.4.2-windows-x86_64-installer.exe
File opened for modification	C:\Program Files\mitmproxy\bin\_internal\werkzeug-3.0.3.dist-info\INSTALLER	mitmproxy-10.4.2-windows-x86_64-installer.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\mitmproxy-10.4.2-windows-x86_64-installer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Detects Pyinstaller 3 IoCs

pyinstaller

resource	yara_rule
behavioral1/files/0x000700000002368f-2281.dat	pyinstaller
behavioral1/files/0x00080000000235c8-2291.dat	pyinstaller
behavioral1/files/0x0007000000023690-2301.dat	pyinstaller

Embeds OpenSSL 2 IoCs

Embeds OpenSSL, may be used to circumvent TLS interception.

resource	yara_rule
behavioral1/files/0x0007000000023699-2385.dat	embeds_openssl
behavioral1/files/0x000700000002369b-2403.dat	embeds_openssl

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 30 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 11 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	mitmproxy-10.4.2-windows-x86_64-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	mitmproxy-10.4.2-windows-x86_64-installer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	mitmproxy-10.4.2-windows-x86_64-installer.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "10"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39030000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\NodeSlot = "11"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\11\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\mitmproxy-10.4.2-windows-x86_64-installer.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
6696	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
6920	powershell.exe
6920	powershell.exe
6920	powershell.exe
6216	powershell.exe
6216	powershell.exe
6216	powershell.exe
6632	powershell.exe
6632	powershell.exe
6632	powershell.exe
5816	powershell.exe
5816	powershell.exe
5816	powershell.exe
3996	powershell.exe
3996	powershell.exe
3996	powershell.exe
5628	msedge.exe
5628	msedge.exe
4008	msedge.exe
4008	msedge.exe
6856	identity_helper.exe
6856	identity_helper.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
1556	msedge.exe
1556	msedge.exe
7104	msedge.exe
7104	msedge.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 26 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
7104	msedge.exe
7104	msedge.exe
3916	msedge.exe
3916	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
5872	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe
3492	msedge.exe

Suspicious use of AdjustPrivilegeToken 47 IoCs

description	pid	Process
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
Token: SeDebugPrivilege	2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
Token: SeDebugPrivilege	2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
Token: SeDebugPrivilege	2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
Token: SeDebugPrivilege	6920	powershell.exe
Token: SeDebugPrivilege	6216	powershell.exe
Token: SeDebugPrivilege	6632	powershell.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	5816	powershell.exe
Token: SeDebugPrivilege	3996	powershell.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	5596	taskmgr.exe
Token: SeSystemProfilePrivilege	5596	taskmgr.exe
Token: SeCreateGlobalPrivilege	5596	taskmgr.exe
Token: 33	5596	taskmgr.exe
Token: SeIncBasePriorityPrivilege	5596	taskmgr.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeShutdownPrivilege	6696	explorer.exe
Token: SeCreatePagefilePrivilege	6696	explorer.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	1392	setup.exe
Token: SeDebugPrivilege	1392	setup.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	3492	msedge.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: SeDebugPrivilege	3856	taskmgr.exe
Token: SeSystemProfilePrivilege	3856	taskmgr.exe
Token: SeCreateGlobalPrivilege	3856	taskmgr.exe
Token: SeDebugPrivilege	2904	firefox.exe
Token: 33	3856	taskmgr.exe
Token: SeIncBasePriorityPrivilege	3856	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe
5596	taskmgr.exe

Suspicious use of SetWindowsHookEx 44 IoCs

pid	Process
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2124	mitmproxy-10.4.2-windows-x86_64-installer.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
1392	setup.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
6868	setup.exe
5444	setup.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe
2904	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 3336 wrote to memory of 2904	3336	firefox.exe	84
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 1744	2904	firefox.exe	85
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86
PID 2904 wrote to memory of 2592	2904	firefox.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "https://www.opera.com/gx"
1⤵
- Suspicious use of WriteProcessMemory
PID:3336
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url https://www.opera.com/gx
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1948 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ded193d5-b25b-41aa-a63f-8f2bee5409c4} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" gpu
    3⤵
    PID:1744
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2400 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 24600 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c559c81-a704-42f5-a992-aac4e0d8d962} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" socket
    3⤵
    PID:2592
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3224 -childID 1 -isForBrowser -prefsHandle 3296 -prefMapHandle 2992 -prefsLen 22652 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {19326bc6-bed9-401f-813a-67befe7491e6} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:1856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2812 -childID 2 -isForBrowser -prefsHandle 3684 -prefMapHandle 3680 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d1e26370-24d2-4093-8a37-9f858febbdb1} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:4300
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4400 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4412 -prefMapHandle 4408 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c9caebbc-5814-4905-a874-c13a275df638} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" utility
    3⤵
    - Checks processor information in registry
    PID:3304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -childID 3 -isForBrowser -prefsHandle 5372 -prefMapHandle 5544 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {150e9c41-e56c-4518-9f82-3cc7220cf3f4} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:3212
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5796 -childID 4 -isForBrowser -prefsHandle 5720 -prefMapHandle 5724 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2fed82f-c2b5-4926-9ce7-10715270565f} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:3628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 5 -isForBrowser -prefsHandle 6004 -prefMapHandle 6000 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1361d7e-6e53-4f7d-a136-c48079f83ef8} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:3780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3824 -childID 6 -isForBrowser -prefsHandle 3536 -prefMapHandle 2836 -prefsLen 29278 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bdec29ac-cb45-435e-ba8a-e08119a636e7} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1004 -childID 7 -isForBrowser -prefsHandle 6280 -prefMapHandle 6260 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33e4500c-8194-4e61-a750-a08d4586bea5} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5444
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6668 -childID 8 -isForBrowser -prefsHandle 3488 -prefMapHandle 3912 -prefsLen 27441 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9edb5370-06b2-4412-95cd-2208d920da93} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5804 -childID 9 -isForBrowser -prefsHandle 5872 -prefMapHandle 5860 -prefsLen 27441 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6afb0a17-3356-4c1a-9016-4c98f0b98eb3} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5328
- - C:\Users\Admin\Downloads\mitmproxy-10.4.2-windows-x86_64-installer.exe
    "C:\Users\Admin\Downloads\mitmproxy-10.4.2-windows-x86_64-installer.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Drops file in Program Files directory
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2124
  - - C:\Windows\system32\cmd.exe
      C:\Windows\system32\cmd.exe /s /c " powershell -File "C:\Program Files\mitmproxy\bin\run.ps1" mitmproxy"
      4⤵
      PID:6964
    - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -File "C:\Program Files\mitmproxy\bin\run.ps1" mitmproxy
        5⤵
        Command and Scripting Interpreter: PowerShell
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:6920
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6876 -childID 10 -isForBrowser -prefsHandle 3640 -prefMapHandle 1548 -prefsLen 28045 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78c28815-b6ee-4b20-a0c9-6194d7db344d} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5200
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2616 -childID 11 -isForBrowser -prefsHandle 5852 -prefMapHandle 5132 -prefsLen 28045 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {637c62b8-6c68-4741-9d59-390b3dc3be50} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6728 -childID 12 -isForBrowser -prefsHandle 6704 -prefMapHandle 6700 -prefsLen 28045 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {860cec73-8941-4092-8f03-b54ef47a054c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5528
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 13 -isForBrowser -prefsHandle 5844 -prefMapHandle 7800 -prefsLen 28289 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f01de01-f180-4997-b4a8-53d3292527f5} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5004
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:7048
  - - C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe --server-tracking-blob=NDY3ZDQ1YzRjYzUwMjEwNDc5OWI0YzYxNGJmYzgzNDI2ZjkxMTc2Y2UwNTg1YzYzNzQwMDliOTMyOWZlMjM2Zjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJ0aW1lc3RhbXAiOiIxNzIzNDYzOTA4LjE5NzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiI5M2QyZWY2Ni1iYmM0LTQzNjUtODY5Ni03ZDZiZTE2ZTQ2YTIifQ==
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:1392
    - - C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x328,0x32c,0x330,0x304,0x338,0x740a1b54,0x740a1b60,0x740a1b6c
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:968
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5648
    - - C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1392 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240812120959" --session-guid=cd6cf8f7-e495-42c0-b8c5-cc6a505e3b7e --server-tracking-blob="OWEyODYxNTI0YzQ2MmYxOWUxZTM1ZDBkNWFmODEwYmNiMmVmOGMxYjY0NTVmODg3YjE3MmNlZjIzYWI1YjZlZDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjM0NjM5MDguMTk3NyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEyNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEyNC4wIiwidXRtIjp7ImNhbXBhaWduIjoiKGRpcmVjdCkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJkb2MiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiKGRpcmVjdCkifSwidXVpZCI6IjkzZDJlZjY2LWJiYzQtNDM2NS04Njk2LTdkNmJlMTZlNDZhMiJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=3007000000000000
        5⤵
        Executes dropped EXE
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:6116
      - C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS88B440F2\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x334,0x338,0x33c,0x310,0x340,0x71c91b54,0x71c91b60,0x71c91b6c
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:1560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:5872
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9093646f8,0x7ff909364708,0x7ff909364718
        6⤵
        
        PID:5380
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
        6⤵
        
        PID:2180
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
        6⤵
        
        PID:4740
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
        6⤵
        
        PID:7064
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
        6⤵
        
        PID:6404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
        6⤵
        
        PID:5296
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4236 /prefetch:1
        6⤵
        
        PID:7012
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        6⤵
        
        PID:5020
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
        6⤵
        
        PID:3428
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 /prefetch:8
        6⤵
        
        PID:1384
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:1
        6⤵
        
        PID:6608
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
        6⤵
        
        PID:1680
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
        6⤵
        
        PID:6672
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4488 /prefetch:1
        6⤵
        
        PID:5312
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,6265607502832394417,10224517899564867434,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3776 /prefetch:1
        6⤵
        
        PID:5408
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4872 -childID 14 -isForBrowser -prefsHandle 4920 -prefMapHandle 4852 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d55f9b99-91fe-4b6c-b830-2fcfe6bf476c} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7540 -childID 15 -isForBrowser -prefsHandle 5364 -prefMapHandle 7860 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {62677624-7f60-41ce-8cbd-ac492db79888} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:2272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -childID 16 -isForBrowser -prefsHandle 7848 -prefMapHandle 4796 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50dd7b02-ce53-465c-9198-baa79c2a322d} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:3576
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:976
  - - C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe --server-tracking-blob=NDY3ZDQ1YzRjYzUwMjEwNDc5OWI0YzYxNGJmYzgzNDI2ZjkxMTc2Y2UwNTg1YzYzNzQwMDliOTMyOWZlMjM2Zjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJ0aW1lc3RhbXAiOiIxNzIzNDYzOTA4LjE5NzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiI5M2QyZWY2Ni1iYmM0LTQzNjUtODY5Ni03ZDZiZTE2ZTQ2YTIifQ==
      4⤵
      Executes dropped EXE
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6868
    - - C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x330,0x32c,0x334,0x304,0x338,0x740a1b54,0x740a1b60,0x740a1b6c
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4860
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4868
    - - C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6868 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240812121245" --session-guid=4a3f7522-c718-4177-a6e1-16c92cca9836 --server-tracking-blob="OWEyODYxNTI0YzQ2MmYxOWUxZTM1ZDBkNWFmODEwYmNiMmVmOGMxYjY0NTVmODg3YjE3MmNlZjIzYWI1YjZlZDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjM0NjM5MDguMTk3NyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEyNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEyNC4wIiwidXRtIjp7ImNhbXBhaWduIjoiKGRpcmVjdCkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJkb2MiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiKGRpcmVjdCkifSwidXVpZCI6IjkzZDJlZjY2LWJiYzQtNDM2NS04Njk2LTdkNmJlMTZlNDZhMiJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=F406000000000000
        5⤵
        Executes dropped EXE
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:6528
      - C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS0D3690E5\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x324,0x328,0x338,0x300,0x33c,0x71071b54,0x71071b60,0x71071b6c
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5880
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
        5⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of AdjustPrivilegeToken
        
        PID:3492
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xc8,0x110,0x7ff9093646f8,0x7ff909364708,0x7ff909364718
        6⤵
        
        PID:6636
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
        6⤵
        
        PID:5620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
        6⤵
        
        PID:6804
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
        6⤵
        
        PID:1756
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        6⤵
        
        PID:1372
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        6⤵
        
        PID:7128
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4232 /prefetch:1
        6⤵
        
        PID:4848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
        6⤵
        
        PID:5480
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
        6⤵
        
        PID:4076
      - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3548 /prefetch:8
        6⤵
        
        PID:8
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
        6⤵
        
        PID:3284
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
        6⤵
        
        PID:6728
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5596 /prefetch:8
        6⤵
        
        PID:2288
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
        6⤵
        
        PID:5044
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5904 /prefetch:8
        6⤵
        
        PID:2176
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6040 /prefetch:1
        6⤵
        
        PID:6640
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
        6⤵
        
        PID:7004
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
        6⤵
        
        PID:6956
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,812363244316419590,12976584714358948064,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
        6⤵
        
        PID:5904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6292 -childID 17 -isForBrowser -prefsHandle 4744 -prefMapHandle 4936 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa13d7d5-f645-4dab-bf35-2513efa7dbac} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:6432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3988 -childID 18 -isForBrowser -prefsHandle 7784 -prefMapHandle 6632 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11e6d8e5-f1d5-4545-ab0b-a07af304dca1} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:4972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7856 -childID 19 -isForBrowser -prefsHandle 7540 -prefMapHandle 7860 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {14a39186-8387-44ee-bb04-f0ad10ec655a} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:2236
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6920 -childID 20 -isForBrowser -prefsHandle 7112 -prefMapHandle 6672 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3aa20e59-0264-4126-9e2f-4312b98b5b7a} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:2948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4880 -childID 21 -isForBrowser -prefsHandle 5396 -prefMapHandle 4916 -prefsLen 28359 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b7b6d2ce-8432-4df6-b623-6d5be7e0e1b5} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:7084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5148 -childID 22 -isForBrowser -prefsHandle 2876 -prefMapHandle 5860 -prefsLen 28401 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f5215f6-08a0-4edc-baaf-234053d4d586} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:6596
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7804 -childID 23 -isForBrowser -prefsHandle 4756 -prefMapHandle 7912 -prefsLen 28401 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90f419f-16e8-48a4-a14f-ab8a00fa6ac6} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:5696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5400 -childID 24 -isForBrowser -prefsHandle 5092 -prefMapHandle 6232 -prefsLen 28401 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8f42e8a-dab6-442a-99c0-1688a861fcd8} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:6244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7316 -childID 25 -isForBrowser -prefsHandle 4796 -prefMapHandle 5044 -prefsLen 28401 -prefMapSize 244658 -jsInitHandle 900 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {05a338ac-eabc-4934-803d-d9c4c3cc2853} 2904 "\\.\pipe\gecko-crash-server-pipe.2904" tab
    3⤵
    PID:2288

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -File "C:\Program Files\mitmproxy\bin\run.ps1" mitmproxy
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6216

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -File "C:\Program Files\mitmproxy\bin\run.ps1" mitmweb
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:6632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7080

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\mitmproxy\bin\run.ps1"
1⤵
PID:7100

C:\Windows\System32\notepad.exe
"C:\Windows\System32\notepad.exe" "C:\Program Files\mitmproxy\bin\run.ps1"
1⤵
PID:6652

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" "-Command" "if((Get-ExecutionPolicy ) -ne 'AllSigned') { Set-ExecutionPolicy -Scope Process Bypass }; & 'C:\Program Files\mitmproxy\bin\run.ps1'"
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5816
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command & 'C:\Program Files\mitmproxy\bin\.exe'
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Drops file in Program Files directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:3996

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5632
- C:\Program Files\mitmproxy\bin\mitmweb.exe
  mitmweb.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:8081/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9093646f8,0x7ff909364708,0x7ff909364718
      4⤵
      PID:6936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
      4⤵
      PID:5700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
      4⤵
      PID:6488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
      4⤵
      PID:632
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
      4⤵
      PID:6252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
      4⤵
      PID:868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8916389597332248801,4752216496060018921,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5136 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:6856
- - C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe
    "C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe" \\.\pipe\mitmproxy-transparent-proxy-6672
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:5440
- C:\Program Files\mitmproxy\bin\mitmweb.exe
  mitmweb.exe
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:8081/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:7104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9093646f8,0x7ff909364708,0x7ff909364718
      4⤵
      PID:6108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,10865507463056462946,1500182990790815658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,10865507463056462946,1500182990790815658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:1556
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,10865507463056462946,1500182990790815658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
      4⤵
      PID:5580
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10865507463056462946,1500182990790815658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
      4⤵
      PID:1440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,10865507463056462946,1500182990790815658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
      4⤵
      PID:4956
- - C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe
    "C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe" \\.\pipe\mitmproxy-transparent-proxy-4768
    3⤵
    - Executes dropped EXE
    PID:6216
- C:\Program Files\mitmproxy\bin\mitmweb.exe
  mitmweb.exe
  2⤵
  - Executes dropped EXE
  PID:7080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://127.0.0.1:8081/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9093646f8,0x7ff909364708,0x7ff909364718
      4⤵
      PID:6100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,4803614078331481868,8779690652154189625,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2032 /prefetch:2
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,4803614078331481868,8779690652154189625,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2448 /prefetch:3
      4⤵
      PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,4803614078331481868,8779690652154189625,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
      4⤵
      PID:6116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4803614078331481868,8779690652154189625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:5396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,4803614078331481868,8779690652154189625,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
      4⤵
      PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5680

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7040

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5172

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5804

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:6696
- C:\Windows\System32\rundll32.exe
  "C:\Windows\System32\rundll32.exe" C:\Windows\System32\shell32.dll,Control_RunDLL C:\Windows\System32\inetcpl.cpl
  2⤵
  PID:2128

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3488

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6276
- C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe --server-tracking-blob=NDY3ZDQ1YzRjYzUwMjEwNDc5OWI0YzYxNGJmYzgzNDI2ZjkxMTc2Y2UwNTg1YzYzNzQwMDliOTMyOWZlMjM2Zjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJ0aW1lc3RhbXAiOiIxNzIzNDYzOTA4LjE5NzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiI5M2QyZWY2Ni1iYmM0LTQzNjUtODY5Ni03ZDZiZTE2ZTQ2YTIifQ==
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  PID:5444
- - C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x338,0x33c,0x340,0x334,0x308,0x740a1b54,0x740a1b60,0x740a1b6c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3192
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6240
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6360
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3872
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x7f4f48,0x7f4f58,0x7f4f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3764
- - C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5444 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240812121624" --session-guid=c85aa00d-2a0a-4039-a089-a781ada6613b --server-tracking-blob="OWEyODYxNTI0YzQ2MmYxOWUxZTM1ZDBkNWFmODEwYmNiMmVmOGMxYjY0NTVmODg3YjE3MmNlZjIzYWI1YjZlZDp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MjM0NjM5MDguMTk3NyIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQ7IHJ2OjEyNC4wKSBHZWNrby8yMDEwMDEwMSBGaXJlZm94LzEyNC4wIiwidXRtIjp7ImNhbXBhaWduIjoiKGRpcmVjdCkiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJkb2MiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiKGRpcmVjdCkifSwidXVpZCI6IjkzZDJlZjY2LWJiYzQtNDM2NS04Njk2LTdkNmJlMTZlNDZhMiJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=AC0A000000000000
    3⤵
    - Executes dropped EXE
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:6964
  - - C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS4886F9E8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x70071b54,0x70071b60,0x70071b6c
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:3352

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3856

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2356
- C:\Users\Admin\AppData\Local\Temp\7zS43912A3C\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS43912A3C\setup.exe --server-tracking-blob=NDY3ZDQ1YzRjYzUwMjEwNDc5OWI0YzYxNGJmYzgzNDI2ZjkxMTc2Y2UwNTg1YzYzNzQwMDliOTMyOWZlMjM2Zjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJ0aW1lc3RhbXAiOiIxNzIzNDYzOTA4LjE5NzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiI5M2QyZWY2Ni1iYmM0LTQzNjUtODY5Ni03ZDZiZTE2ZTQ2YTIifQ==
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  PID:2144
- - C:\Users\Admin\AppData\Local\Temp\7zS43912A3C\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS43912A3C\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x6f451b54,0x6f451b60,0x6f451b6c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4788
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4584

C:\Users\Admin\Downloads\OperaGXSetup.exe
"C:\Users\Admin\Downloads\OperaGXSetup.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4080
- C:\Users\Admin\AppData\Local\Temp\7zS0FF8DCEC\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS0FF8DCEC\setup.exe --server-tracking-blob=NDY3ZDQ1YzRjYzUwMjEwNDc5OWI0YzYxNGJmYzgzNDI2ZjkxMTc2Y2UwNTg1YzYzNzQwMDliOTMyOWZlMjM2Zjp7ImNvdW50cnkiOiJHQiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT0lMjhkaXJlY3QlMjkmdXRtX21lZGl1bT1kb2MmdXRtX2NhbXBhaWduPSUyOGRpcmVjdCUyOSZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmZGxfdG9rZW49NzI0NjE4MTAiLCJ0aW1lc3RhbXAiOiIxNzIzNDYzOTA4LjE5NzciLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IihkaXJlY3QpIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoiZG9jIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IihkaXJlY3QpIn0sInV1aWQiOiI5M2QyZWY2Ni1iYmM0LTQzNjUtODY5Ni03ZDZiZTE2ZTQ2YTIifQ==
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  PID:6088
- - C:\Users\Admin\AppData\Local\Temp\7zS0FF8DCEC\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS0FF8DCEC\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x6f451b54,0x6f451b60,0x6f451b6c
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1100
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\mitmproxy\bin\_internal\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Program Files\mitmproxy\bin\_internal\VCRUNTIME140_1.dll

Filesize
48KB

MD5
f8dfa78045620cf8a732e67d1b1eb53d

SHA1
ff9a604d8c99405bfdbbf4295825d3fcbc792704

SHA256
a113f192195f245f17389e6ecbed8005990bcb2476ddad33f7c4c6c86327afe5

SHA512
ba7f8b7ab0deb7a7113124c28092b543e216ca08d1cf158d9f40a326fb69f4a2511a41a59ea8482a10c9ec4ec8ac69b70dfe9ca65e525097d93b819d498da371

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_asyncio.pyd

Filesize
69KB

MD5
477dba4d6e059ea3d61fad7b6a7da10e

SHA1
1f23549e60016eeed508a30479886331b22f7a8b

SHA256
5bebeb765ab9ef045bc5515166360d6f53890d3ad6fc360c20222d61841410b6

SHA512
8119362c2793a4c5da25a63ca68aa3b144db7e4c08c80cbe8c8e7e8a875f1bd0c30e497208ce20961ddb38d3363d164b6e1651d3e030ed7b8ee5f386faf809d2

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_brotli.cp312-win_amd64.pyd

Filesize
802KB

MD5
9ad5bb6f92ee2cfd29dde8dd4da99eb7

SHA1
30a8309938c501b336fd3947de46c03f1bb19dc8

SHA256
788acbfd0edd6ca3ef3e97a9487eeaea86515642c71cb11bbcf25721e6573ec8

SHA512
a166abcb834d6c9d6b25807adddd25775d81e2951e1bc3e9849d8ae868dedf2e1ee1b6b4b288ddfbd88a63a6fa624e2d6090aa71ded9b90c2d8cbf2d9524fdbf

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_bz2.pyd

Filesize
83KB

MD5
5bebc32957922fe20e927d5c4637f100

SHA1
a94ea93ee3c3d154f4f90b5c2fe072cc273376b3

SHA256
3ed0e5058d370fb14aa5469d81f96c5685559c054917c7280dd4125f21d25f62

SHA512
afbe80a73ee9bd63d9ffa4628273019400a75f75454667440f43beb253091584bf9128cbb78ae7b659ce67a5faefdba726edb37987a4fe92f082d009d523d5d6

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_cffi_backend.cp312-win_amd64.pyd

Filesize
178KB

MD5
0572b13646141d0b1a5718e35549577c

SHA1
eeb40363c1f456c1c612d3c7e4923210eae4cdf7

SHA256
d8a76d1e31bbd62a482dea9115fc1a109cb39af4cf6d1323409175f3c93113a7

SHA512
67c28432ca8b389acc26e47eb8c4977fddd4af9214819f89df07fecbc8ed750d5f35807a1b195508dd1d77e2a7a9d7265049dcfbfe7665a7fd1ba45da1e4e842

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_ctypes.pyd

Filesize
122KB

MD5
fb454c5e74582a805bc5e9f3da8edc7b

SHA1
782c3fa39393112275120eaf62fc6579c36b5cf8

SHA256
74e0e8384f6c2503215f4cf64c92efe7257f1aec44f72d67ad37dc8ba2530bc1

SHA512
727ada80098f07849102c76b484e9a61fb0f7da328c0276d82c6ee08213682c89deeb8459139a3fbd7f561bffaca91650a429e1b3a1ff8f341cebdf0bfa9b65d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_decimal.pyd

Filesize
251KB

MD5
492c0c36d8ed1b6ca2117869a09214da

SHA1
b741cae3e2c9954e726890292fa35034509ef0f6

SHA256
b8221d1c9e2c892dd6227a6042d1e49200cd5cb82adbd998e4a77f4ee0e9abf1

SHA512
b8f1c64ad94db0252d96082e73a8632412d1d73fb8095541ee423df6f00bc417a2b42c76f15d7e014e27baae0ef50311c3f768b1560db005a522373f442e4be0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_hashlib.pyd

Filesize
64KB

MD5
da02cefd8151ecb83f697e3bd5280775

SHA1
1c5d0437eb7e87842fde55241a5f0ca7f0fc25e7

SHA256
fd77a5756a17ec0788989f73222b0e7334dd4494b8c8647b43fe554cf3cfb354

SHA512
a13bc5c481730f48808905f872d92cb8729cc52cfb4d5345153ce361e7d6586603a58b964a1ebfd77dd6222b074e5dcca176eaaefecc39f75496b1f8387a2283

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_lzma.pyd

Filesize
156KB

MD5
195defe58a7549117e06a57029079702

SHA1
3795b02803ca37f399d8883d30c0aa38ad77b5f2

SHA256
7bf9ff61babebd90c499a8ed9b62141f947f90d87e0bbd41a12e99d20e06954a

SHA512
c47a9b1066dd9744c51ed80215bd9645aab6cc9d6a3f9df99f618e3dd784f6c7ce6f53eabe222cf134ee649250834193d5973e6e88f8a93151886537c62e2e2b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_multiprocessing.pyd

Filesize
34KB

MD5
2bd43e8973882e32c9325ef81898ae62

SHA1
1e47b0420a2a1c1d910897a96440f1aeef5fa383

SHA256
3c34031b464e7881d8f9d182f7387a86b883581fd020280ec56c1e3ec6f4cc2d

SHA512
9d51bbd25c836f4f5d1fb9b42853476e13576126b8b521851948bdf08d53b8d4b4f66d2c8071843b01aa5631abdf13dc53c708dba195656a30f262dce30a88ca

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_overlapped.pyd

Filesize
54KB

MD5
7e4553ca5c269e102eb205585cc3f6b4

SHA1
73a60dbc7478877689c96c37107e66b574ba59c9

SHA256
d5f89859609371393d379b5ffd98e5b552078050e8b02a8e2900fa9b4ee8ff91

SHA512
65b72bc603e633596d359089c260ee3d8093727c4781bff1ec0b81c8244af68f69ff3141424c5de12355c668ae3366b4385a0db7455486c536a13529c47b54ef

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_queue.pyd

Filesize
31KB

MD5
b7e5fbd7ef3eefff8f502290c0e2b259

SHA1
9decba47b1cdb0d511b58c3146d81644e56e3611

SHA256
dbdabb5fe0ccbc8b951a2c6ec033551836b072cab756aaa56b6f22730080d173

SHA512
b7568b9df191347d1a8d305bd8ddd27cbfa064121c785fa2e6afef89ec330b60cafc366be2b22409d15c9434f5e46e36c5cbfb10783523fdcac82c30360d36f7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_ruamel_yaml.cp312-win_amd64.pyd

Filesize
260KB

MD5
fd98e0335fe6901d021829a3dadaef92

SHA1
9053792352355a22ecfd0021ee35bad08e3e6cbb

SHA256
181cffb64b44fb26f6e42e642a7f37bc5e268cab30407eb60d71f8a7a5443017

SHA512
95565254f9befc224b48d0383345089ed8bac74d0372daa9f339072d3b25ae5ba00006587b664145f89f3b61e765f6207ee6cf0bdd92d9437318171a9a1ec55c

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_socket.pyd

Filesize
81KB

MD5
dd8ff2a3946b8e77264e3f0011d27704

SHA1
a2d84cfc4d6410b80eea4b25e8efc08498f78990

SHA256
b102522c23dac2332511eb3502466caf842d6bcd092fbc276b7b55e9cc01b085

SHA512
958224a974a3449bcfb97faab70c0a5b594fa130adc0c83b4e15bdd7aab366b58d94a4a9016cb662329ea47558645acd0e0cc6df54f12a81ac13a6ec0c895cd8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_ssl.pyd

Filesize
174KB

MD5
c87c5890039c3bdb55a8bc189256315f

SHA1
84ef3c2678314b7f31246471b3300da65cb7e9de

SHA256
a5d361707f7a2a2d726b20770e8a6fc25d753be30bcbcbbb683ffee7959557c2

SHA512
e750dc36ae00249ed6da1c9d816f1bd7f8bc84ddea326c0cd0410dbcfb1a945aac8c130665bfacdccd1ee2b7ac097c6ff241bfc6cc39017c9d1cde205f460c44

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_uuid.pyd

Filesize
25KB

MD5
50521b577719195d7618a23b3103d8aa

SHA1
7020d2e107000eaf0eddde74bc3809df2c638e22

SHA256
acbf831004fb8b8d5340fe5debd9814c49bd282dd765c78faeb6bb5116288c78

SHA512
4ee950da8bbbd36932b488ec62fa046ac8fc35783a146edadbe063b8419a63d4dfb5bbd8c45e9e008fe708e6fc4a1fee1202fce92ffc95320547ba714fed95e1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\_wmi.pyd

Filesize
36KB

MD5
8a9a59559c614fc2bcebb50073580c88

SHA1
4e4ced93f2cb5fe6a33c1484a705e10a31d88c4d

SHA256
752fb80edb51f45d3cc1c046f3b007802432b91aef400c985640d6b276a67c12

SHA512
9b17c81ff89a41307740371cb4c2f5b0cf662392296a7ab8e5a9eba75224b5d9c36a226dce92884591636c343b8238c19ef61c1fdf50cc5aa2da86b1959db413

Download Submit
C:\Program Files\mitmproxy\bin\_internal\aioquic\_buffer.pyd

Filesize
16KB

MD5
16b46f6e827f5f6217c4e6fdcd39833f

SHA1
34bcba1be1e5af525e5dbb74d6a26bae97aa8dac

SHA256
48168bcb2eeae913c8b399b5b3b2b20f4fd9375329594d81656bb88b42d105c3

SHA512
9d465fbae7867757ec7b68f0fcfffcc45764707a64effbd83dd8e9301e886e560fb4b164b55095a5f9380a807def66893407fee5f0179891450d1269c257db42

Download Submit
C:\Program Files\mitmproxy\bin\_internal\aioquic\_crypto.pyd

Filesize
3.5MB

MD5
0d5bf341ad0e85aaa66c08f509c91705

SHA1
2daa3c43dde333794bbd30456d3e09a9ac65d375

SHA256
cc25e7412b1842507ca5f3c820c630ba87ad5c78ed2f1937486be8a4e5177a33

SHA512
e74ea65b9c886e7a346d5a7b9bb34f488458fb4af95ec0f66cb5a193aca99a04cf5f0ec24cd53a65e8168cb9a1f91ab72929a9dae3d77b84b78bf6a8212e41c5

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-console-l1-1-0.dll

Filesize
10KB

MD5
6746e9cbc897101fd8ca22e42490614f

SHA1
3d732b58411eb6f4ad624bc9c7c5243315466ed3

SHA256
81310fd7aaf3a8a280e6efddecd5a682c871fc6f5595a3ba131c9e60b58c80e1

SHA512
2d9e059c9f924030d119e42de65e7488dfb87459d732391c674448e63e3a10b75b0886e0eedfdcab86dbb14c987cf6d1a0d276a9bc7571fcb0cfd8ff0c9157d5

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-datetime-l1-1-0.dll

Filesize
10KB

MD5
50ccec6aa3033c421ec34a17625bdc08

SHA1
abce26f3702e8f3d833f2e35adc8bc42d95354d6

SHA256
0d9125cc84892ef961f33f316139e027095e325d540a98d5cd8099633d31b368

SHA512
633ca161419f6dd990750a6f674a7cc8436b43c1c5ee02699bb0935ee030434f76a773dfe8f1c9b01e15c507ba8f1de4768a1829c239a34bfedee2b5226fbaf2

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-debug-l1-1-0.dll

Filesize
10KB

MD5
ae0f85a63ada456eeaf94b846fe8bd26

SHA1
621625b9913b257eb8fa39aa0637adb6737394fe

SHA256
305ce445fa2e3bbd9aca3f1a31ca8c805daec293cc79bcd20b39ea5ae5b9989d

SHA512
059d8de197387c761f2ea0066892e47722fc56fd274e4eff181e1192223d0c6ba8230b4d5f656cfec426dbd715c0e0acbef91681c462b2be6928f56ea7aaa267

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
10KB

MD5
4fc7b688f541c78df18402f7e3256929

SHA1
b431cecc0dd87ef4b4d3154b3ed6ff3b5c2eb0cd

SHA256
6e6c39c29890949d9857190c608ba8e4a195b8dc656d8616322e27a9d268fa49

SHA512
3d082b60af05566b9bc0135dbc5b9a9ccd9ba0aac07522a63ef15739f83b5b43f0c432274b15c29e00d4cd18e85d6c1673f7bfd872f57319c7b490db3ed69fdb

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-file-l1-1-0.dll

Filesize
13KB

MD5
ca2c182a0d46f7f614cbb61d3e9555c5

SHA1
04713c5ff488e17c151bfca1c540c495783c6e4a

SHA256
34b41b7160bf5fe3d46b95f51399de8666c5ab32b064e7d57d7771fd51aa0ce2

SHA512
7b1a994b8681921d308e8ebb62f47e705807c4eaeb7b6b25517b633b4bb324865a0987d4f4f3e8c166973ad5c8d8dce8ec83aafe20de8194c0ad8a64565b703f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-file-l1-2-0.dll

Filesize
10KB

MD5
4e7b40f3c457212792ed796d5ceb7c0f

SHA1
dedb78bbcc0ae5e5ab1cb15eec15e4f3300bc32e

SHA256
11f046a0bd6ea6bbae9355e7b3f6ca42adae2a5c7f41f30fcb497baec80d69ad

SHA512
3f8fd4171d48cf8f9a37fad1b42d79bb9b8cf8c08d0e594aebc6425c1b5d981db542a4a57bf71d5fd936641755c1c8548bc77ead99aff142da0da10e03b1c135

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
80ab22c6d0250257b61b217822aa5d7c

SHA1
e659198c8045d918384e276783507d77ce297cd6

SHA256
d56b63aefedc21372a5d75918032e98f3e4c564733d4838a5b442351e32a300b

SHA512
94e61803a318fde919ba18a20cbdfae1250a844c2266311bc99cfcbb22757bd43b5279567f24bae32192dc0b9fbb0b20d10db3b3f19014708af7e8f89a1c96a4

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-handle-l1-1-0.dll

Filesize
10KB

MD5
71cdf92988835da9a691482a6f06174f

SHA1
16f12bb281540a0de6c95120fc51dd0a068e28dd

SHA256
797f05fb447cdba1078acb66cb7bde7c908f0efba0bc3fd4a54b4daebffaf84b

SHA512
1987fbf26559e59894de2289792577b857f320809ab1720e799933528a8d082240556f63d2f4c16907b45f6da10a7e04dac8bb953f036f0ebe822c7d13b1bb8c

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-heap-l1-1-0.dll

Filesize
10KB

MD5
e58baf7e437354716be8bff0495f9bfe

SHA1
e873e3d8d422f62cabe7040517e561e31862278c

SHA256
6dee9c5652e2858fbfdd50c5175127108d227b7e90f575b2e6c33f1c8f5a0976

SHA512
2b7f122b48dbc7304118653e371ed99b45b203251a6dca2387311c4c70562121132bf2e00fa8d1b953583f2ca878602c2a1625f3bf3782112fd2619ba1ff25f8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
10KB

MD5
cedb4d3397a2c134fec77753f880d025

SHA1
173f8841d20ef214c197eb4bab0a0d1e0cb6bebd

SHA256
433b60ea4523c5733da468703d14ab8dcce42ef5f2417f9cde2fea3d3c3c977c

SHA512
6df040faa43172f14e65d1a2311d5ab66cee250e12596e901a2d7cd8144a3738e8e486545ad760a254ed278f4d35f68e1dcefaf77bf581858b2070768d1bc18d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
11KB

MD5
650ecbe45be7506075f93351bb0389f5

SHA1
4c33717c81500c72d4d7e9963b3c9043b8441a3f

SHA256
406e80902211d987ef0260d9db08821460e0702e90ae47165a727e0ca6b7c325

SHA512
63696d75015f2ed5c04883111aeae7eb594ff9fbc83f9b9399ccfd8186b9a5c52e4656005ef2c540091f82f7687745a209da79d12aa944a1d12b64547c31f342

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-localization-l1-2-0.dll

Filesize
12KB

MD5
7859eb82f99fa849ad33909cdae8d493

SHA1
b56512906e9642a99dcb7eb7373fa8ad5990019e

SHA256
7c7a3c0d04519d1656a50604b1052850e9d937b6c3e973d564a6b2f9495ae05f

SHA512
a6548d6d70e8c22638d0619b4eaafead5289953c013d2e95477fb34316b788cd756217426dd36582b49ba5fd93702c4ec4590cabbe47d79156516fff5fcdb149

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-memory-l1-1-0.dll

Filesize
10KB

MD5
273fdaa82afae0337f7f04ff9936afa3

SHA1
dd0ef3117be0d59ee13051346708b3008b1149c6

SHA256
9becf626ccabbcfc9a7b779026644606ec565b08cc9b85d3af09ab5189e8c6f9

SHA512
b19b2998bb197b741d878f0a25e75abea0f05033f20b17003bf8eed983ca35a90918fc4bb399d6c7150c8be8cb5a428e4f2fe804f1aae5a32f0a363604bc1fd7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
10KB

MD5
bbee8d15501d1fe036fdac6c032c4380

SHA1
a8be3ab44d754498405ffabd39f77fc829bad3c6

SHA256
c26aae1fe2c56eb26ed1af5bb7cca7cea762e126f4c2e06b6ab39d75a8cb4482

SHA512
9851d4bc159a5b21e281c591c001245ced0455adf2c419977490546cbf452d405a34152a2df645a344aa50f45c2caff383e43a75e062c3478aba713868fbe2d1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
11KB

MD5
9dd8cc2363db5f39ea3b6fc28dbb5695

SHA1
33c49373c772c0c7ec71983158213569cf572ee2

SHA256
173bbf24f7420db3d1e53e45dd0179b9b152bc6d08f3d46eb9d47a833a46cb0a

SHA512
946d4acde2773332405e1c4c0bf427f0cbde4ee42e72acac7039a482a62dd99f033c526428f42b63a2aca5db1eea0e6b45063d1e2de044ee8201ab829d884523

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
12KB

MD5
b6ef15e2cff6a7de8db778da9e845c55

SHA1
8062e8b2a02f9e0ad346bcc5ed8263fd61f17b4b

SHA256
c1ed94eade0309c4c4f0854f5a972bf76d55393857e45c770e217a996103aa62

SHA512
50a8267aab8819eac91e81bdcad64585b926dad0b41db46677b2214e68e3046bba0a9af33eb86c310e9bb2c8b4a04a12c6a70a772540072c7fc815a293a00c3e

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
10KB

MD5
54d6888e154d8fd2b35c7a7b8dcaa84b

SHA1
883cca38ff0d43ab86b344ec7a490515f594a060

SHA256
9e2744bc1f7fa7015881c5edc7f14b031472ca1a08c57c38325cbf7736890be0

SHA512
0b2f048b2b5f1083d8e65ddb3278a4340eab05e41d9a08b4337f4cdf6b5afe540cda6c3b87462a2de3bb9ff2fc2ab6d95631913c6e1e02335a42812d7ef681dd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-profile-l1-1-0.dll

Filesize
9KB

MD5
93ad9b6d88b931d7c1672ae0af2d9dac

SHA1
8aa5583b42555a8706fd05b2211c1b6cd1c51c2b

SHA256
5ef9cd62cf2a2b0cb068126d9c680016c9e1f3b738a284325b9796c86af06594

SHA512
b04d553a719388347409047756db2ecbe58b2f4e08fa5bb4544725c1342c7e795267ab6493fca1a850eecaeb9c7a1779f874ce0367dcefa1ab1cb79b14cd7b45

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
10KB

MD5
93a2ea4844b8e80c1cff746c295553c7

SHA1
bd29d940b9c70ad7fd3b8645ca6d450c3392830a

SHA256
a50682fdd5a5ae9ceb02c7b9caffdce10e3b38178ebe3e74b6323627fc6d3a89

SHA512
0b95784543bf554d375c84721103f5a84aecc22d6d712df9713d6bd247258e5d6349a2ba9d92c7543d1303c91cfaf99d6d4f609b717db3bcd35f393a10d57d5e

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-string-l1-1-0.dll

Filesize
10KB

MD5
8e1b04d0e6ff7a3fc381f7306d6cf243

SHA1
a0a2794da5bfd59e7a7db03dd21aba9f10613623

SHA256
b4c44d1ee830c37ae96b90b0a119b4e137862f45314454a23b81fd3a2399a635

SHA512
1c45e2b37b9b648227b1af4d739e5d4f1979fa8796651a53d01d0a1cb871665115ded270b74e2abd9600a1c6157cfb0999c7958e69d188d9a420599d015bfb3d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-synch-l1-1-0.dll

Filesize
12KB

MD5
0bd7734587b455b3b0fe4ff1342d38a5

SHA1
dbafbba73d821a395c97281741ed8ecbdfd9711d

SHA256
3f554614aba0bf193d101495b88fb5e3e6abc8e8c1f45dcc8053265fbc6b0a8c

SHA512
24f58e431a3660d94d7b2180dcd218c787f2b7fce4285e933c5191a7397ded002459487552b360dce5b8e61f2b70184a9bbdc6f5afe2767e6876f49f31f14451

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-synch-l1-2-0.dll

Filesize
10KB

MD5
c959ff1b1b733abd45125d6392a4f0fc

SHA1
3ce203f1e864e313ae0025acf776429a7d440150

SHA256
0c764d9856bbedd7ea95e3427790fdb0c3c270c1a97fa3e0d085d77bd684537d

SHA512
b71f6a4130ebb122506ecbd86ea5ddb73ab5bd6c6bac0caab9fff2e908b998a0cf8e45a95af14060186e114701141980192ad506a1365eaaa8364f6e649d0e88

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
11KB

MD5
6c97c8a4e1231863a6f2638bf44fbe53

SHA1
265e0b59a4ff5b7011d477f9172925b008be728c

SHA256
dad6738302efa9875f8c929c6c375cf15942a2cd6205b42166cde543f59697fd

SHA512
f957695f43212057905e4898c8d77bf82219bd33de3877d337625f5064b794f1dd6d507a7ab167d6b73e6531f9e839bc4148e0c433b396abeb827167448a6f1f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-timezone-l1-1-0.dll

Filesize
10KB

MD5
9ec9658795a82a6f689dbbf9b14d56a8

SHA1
90498e0259ec68959e0ca9b7dfb6e94f24a192e5

SHA256
e25a1056beef787a1857541714d3ced677bc29257ddb70643a3f332d7081e24b

SHA512
ddab3d638f6b685ecf438870b3b6f1d7dd56319ed4748cbca20d54863970ce1e4e5edac4b7df5b63712fa63b1214f9477360f6f1dc7ec28feb807d3a3eb6457a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-core-util-l1-1-0.dll

Filesize
10KB

MD5
ded095a3ea12e19e8fa06b400f4da71c

SHA1
c0537be41395dc58c2050527a1302bcca385c819

SHA256
fcbc8a6d4fcfda1df56188c7415874ac6e163aa5669da8b4dc5817411c7499b0

SHA512
5e27db0972db7ec821db1000d7293bbad4c9253aeaec37114be767625f32102bdc98476b0e819c2598dbe9f67e54cdb6d67a2046971467febba93e447f62b338

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-conio-l1-1-0.dll

Filesize
11KB

MD5
0b61c5aaf5794c40643856d3f84fd107

SHA1
88cd05a9d2c4ad3f928793e3d5479cf84eea088a

SHA256
8eb4ad287946765485ae35ca7fabb29844293412b01678d7c29d53688db80499

SHA512
78b22375796848e78f39495619dfb5a91da28f95b0a931effa7971265ed95663894ec55a8c2b249a326d9605d053c7c0abdd65f7d9a271fc803ac2fe2695411a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
e813f085bb974077fd1ff02f859c19ff

SHA1
bdca1e7ca980373cfe93e2c07eae4e5f14fa92f8

SHA256
9818a2278ce39e0ecffa9bd2502fed106f9f2c6acaf801fb7d7df80606abc2ab

SHA512
b3b4b0e749dd04e698a26a82e2daa21e91d50896a648310253d69feb33585fd91e9c54698e33e8b9843642c865123e60a1cfaf3f2af46827afd38cd87a1b3e85

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-environment-l1-1-0.dll

Filesize
10KB

MD5
61d0f3d97c1a7af5314c39c80c838796

SHA1
06f7971574f67f34f61ff1a9a54b60221070d04b

SHA256
0bfca5c3f717d1373e3faf94dd3d010a6976ae2d57cb35a197c5bbac80724b10

SHA512
9651f768c448fbb878b7600cbd80c001b7d7ea7dbec04b4ec50a637939787591a484aafd7ea5c2e0c77447229970b3bf1b6175e552a9f2a1024272895ed04a75

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
ef655e2df6aa03c6aa11679e1601cbd1

SHA1
435082a01784be95f473095e4f0499f5c8c1e6b1

SHA256
8ec445f97325160b291ca8046c1cba997067e42e4095f724bda9b43ae13bfed7

SHA512
3a1ef8c4bfe553de57d59dc2c2009e65e69a8dca914d8d2396495b888be0859e78508e4000a39a482c7116fadfe1b8d143b9aaa2c97785a0954afd8b8b81a23f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
6a32b4a457bc7eb515ed59dba1114897

SHA1
7a69af1660d76285183754c7d1b29d81968d3960

SHA256
da3fcc1283339ddd4504e48a63f75e4f8ac8f30ce48384e7c643b80b372bfcd6

SHA512
7c5968f24940e35eae221f6b17b44aef51f751d685d74e79aa247d5dfd95d8a8d3da3f7ce95a2c15764c5005be05fec22ec7a7c61617444acea353bf7931d19a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-locale-l1-1-0.dll

Filesize
10KB

MD5
3089adc12784121cdba1e6b550efd6c9

SHA1
eaa9b3760d7b25590cea4564d5dc81c86442d336

SHA256
25420d595989c800fe5f274aebf32e74f2e670e1d08bc5336ed67de9e1b1d62c

SHA512
62d8c2f07c8670e5135b8f092b533272c87e38191ceefe03c2e6e707fa71997a68b4e00d68020aa2cf3ef6e4de1d6c7a48f1eadcd409bf6c3889f635a1f89696

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-math-l1-1-0.dll

Filesize
19KB

MD5
8b0fe0eb8a838ea1524b9244679136ed

SHA1
a32b845db57f66845e9d5f428a871eecc8900e57

SHA256
8324e803620d6c7a57d644efb951b5b811d258f85195f71404198456d6a20da6

SHA512
a1861b8098855c1833e1e080df325ae1078ebb8918d658c7379f24f982560ab420d858be6c19353a79cbac6a4378bc23e7636f7fb7d517121cd82d924e8dcfc2

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-process-l1-1-0.dll

Filesize
11KB

MD5
1b686ce09c3d5b958b29065520a90c6f

SHA1
dda2b3316f1f2c557b09fe0b8557785dd8be847c

SHA256
201b8ed6e586afb1ae44ca4da8d4a923bcf87889a8dea0c0921f995839ec41c0

SHA512
68dc42abaecd78ce34ee0e130cc74d0932d3bf53994bd45a7f804bf3c3e59cf8125283efe67d7c12e34313401baf8a707ddb20a015fbfb9849b96870047edfe3

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
14KB

MD5
5a04d702c462ac7b564f5da8bb35a2a0

SHA1
b8ed4c5710fb8c8ed81617c11b71b22cd57d5325

SHA256
0210604c8dd1e9aa8c2458e2734deff9d77897d7dfce42bc0f28ad62d265bd9b

SHA512
9986cb05ca1203c086e7d4f0c4a30c6c7394d6fc4ae3908b25867f387bf61a393b054c3a9e13ba9a0d103c5b1d4be874b81dc314be611457b3bd69113d91bd3c

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
41ba9068fd432758ae08d80470cff8c8

SHA1
9de3cff0d99e3baef7ff1f45187c414c5a803a9f

SHA256
3c4f7104e8257b64b4a856c06dee4ab12e35a5bdfe361b2fc4a04a564454010b

SHA512
1d50207493b3f3a3834ef09e4f78bb03d82f2760106842e7cb57742741a1182917f3e975244543e0cef63c16ebad147e3e8b16e18d14c63dc3c906670cee7545

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-string-l1-1-0.dll

Filesize
16KB

MD5
30a6e4b8fe2d9b2df594e809cbbac128

SHA1
f30559b281cb679bb406bfe42f1f501a376bca23

SHA256
f8bbf236334c083682cd710632005cb6a5a3b60086d05946827eb8ca45e24b8d

SHA512
337949c3b5a6e13ad3aae93294c5f97b6271f639e3296d4aab8ac546f4417c79c1906f92ab20955ca451d5317ba7fe64eed0c7a79309e337b20516283987c2e0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-time-l1-1-0.dll

Filesize
12KB

MD5
9e4620c44403dfb42d3badd40ddef313

SHA1
0696df5c3f71aed9763408d2ab8ff8cbfd1d1a41

SHA256
5e2f92250a058802b4a72b93226616f390044c6bfe34a04b5533773806f7072e

SHA512
5b96b4775c5fae03ba0e96d2d0f5d2fb1b4bcb05014a47686b378e11659b53a518bb56acf0d3d076ec73eadb1b639c07a6be969bd68c34f3f3ca77451f160001

Download Submit
C:\Program Files\mitmproxy\bin\_internal\api-ms-win-crt-utility-l1-1-0.dll

Filesize
10KB

MD5
bd9a3823f7eab3959c358c9a02c07424

SHA1
4c689623c353bffbd28c19a4b69dc85d5791b65e

SHA256
8e32928cab5e81b35b232754a5ccf78cc55d6bc8fe362a90ab6d5eab1fe8f5d9

SHA512
16b9cdf77d83da944b56772ac78dd8af6ef94976d1468b8a32d43419487c5b0f3ff3169fb29fdeada3f64d74b8900e7833728bf332f93809cb4a8c9cf42b7f62

Download Submit
C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\METADATA

Filesize
9KB

MD5
e32d387a89f0114b8f9b9a809905299d

SHA1
a055c9fbf5416c83d5150d49ca16c58762b8b84a

SHA256
5b0bc6ece1f22a310fa72154642098b759f413f09ca9d45bedb96218475c9be0

SHA512
6eee3e19af46a79e2110678f8d3d15ea4b2eb1355d0fc9581da2c8e91d28926a2771394ea447e15cbc311a9dd9de2a20e2ac0e0abf9db6d4d51982199a12e881

Download Submit
C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\RECORD

Filesize
3KB

MD5
8829cd6bcf32a2b07fc3bca9942a0f19

SHA1
76ff04de50eb13c6b875a292dc68c80f7031d8f8

SHA256
8d2ee3b85635dc1c0367f021196cf128f22d08a3afb8209b638e1c109ecc0398

SHA512
39052963d68872b26072a2c70aff6ad5ca805d341207e8b7f5d5449238bf2ca6cb36bf5080b4cdfcea441c44bc5b8074f264dc7c122e1a515efd957780ea540d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\WHEEL

Filesize
87B

MD5
c58f7d318baa542f6bfd220f837ab63f

SHA1
f655fc3c0eb1bf12629c5750b2892bd896c3e7d9

SHA256
99161210bdc887a8396bf095308730885fffd007b8fe02d8874d5814dc22ab59

SHA512
3da6980a39c368ab7f7527fcd5fcdaa9d321060174baae163bf73f8052a2ac1a73f476c3882855965dfc2cb13c7c3ec1a012882201389dac887f9be59540c80f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\attrs-23.2.0.dist-info\licenses\LICENSE

Filesize
1KB

MD5
5e55731824cf9205cfabeab9a0600887

SHA1
243e9dd038d3d68c67d42c0c4ba80622c2a56246

SHA256
882115c95dfc2af1eeb6714f8ec6d5cbcabf667caff8729f42420da63f714e9f

SHA512
21b242bf6dcbafa16336d77a40e69685d7e64a43cc30e13e484c72a93cd4496a7276e18137dc601b6a8c3c193cb775db89853ecc6d6eb2956deee36826d5ebfe

Download Submit
C:\Program Files\mitmproxy\bin\_internal\base_library.zip

Filesize
1.3MB

MD5
43935f81d0c08e8ab1dfe88d65af86d8

SHA1
abb6eae98264ee4209b81996c956a010ecf9159b

SHA256
c611943f0aeb3292d049437cb03500cc2f8d12f23faf55e644bca82f43679bc0

SHA512
06a9dcd310aa538664b08f817ec1c6cfa3f748810d76559c46878ea90796804904d41ac79535c7f63114df34c0e5de6d0452bb30df54b77118d925f21cfa1955

Download Submit
C:\Program Files\mitmproxy\bin\_internal\blinker-1.8.2.dist-info\LICENSE.txt

Filesize
1KB

MD5
42cd19c88fc13d1307a4efd64ee90e4e

SHA1
7e4783e856880d78ca235fc350e7269950aa22da

SHA256
9eb73a1f38597a4aa17025d2ae1be3839624c795e985d4f0e9769ce29faca467

SHA512
ce3e3aa997a39c568cf6a20793932f17507df6b6ecee1db6eaf26c9e3d2d93489f87582aa36730f0340a1538d9b0f108fbf850e541177851da8650659a063650

Download Submit
C:\Program Files\mitmproxy\bin\_internal\blinker-1.8.2.dist-info\METADATA

Filesize
1KB

MD5
d020232204886fc7d20a831ee312f3ea

SHA1
ef06b1bd4ef5d6d7106f9d7779a7837bc624df1b

SHA256
ded131e34866f481287f216a0cf26c0cf13d30020486d89f6a9a12a7b16acee0

SHA512
c9b506069c2f553c13a968037fd11292785e02672b1fa965262a1f9b70a7cc2def9da305557f394611d8960a686012d7c0b0c4833c8d9f1223066929e2ed8092

Download Submit
C:\Program Files\mitmproxy\bin\_internal\blinker-1.8.2.dist-info\RECORD

Filesize
833B

MD5
c8be6ae9e349fcb71e78e2b7bc52bb7b

SHA1
9a257519cfd21863e46235dfa02d0847afd70724

SHA256
f68e8aa4fcda9201216fa18d5171b0464187aea2f1dee411a44ed48394a01713

SHA512
c579e7bb428d6a12d710237d4bcb7a914c69e392a34c3a7bca1f607dc5f197785e491498cda7dd8561b56dcbca415ce62d8dfe7aa92462b0a4e1726bbd1de3b3

Download Submit
C:\Program Files\mitmproxy\bin\_internal\blinker-1.8.2.dist-info\WHEEL

Filesize
81B

MD5
24019423ea7c0c2df41c8272a3791e7b

SHA1
aae9ecfb44813b68ca525ba7fa0d988615399c86

SHA256
1196c6921ec87b83e865f450f08d19b8ff5592537f4ef719e83484e546abe33e

SHA512
09ab8e4daa9193cfdee6cf98ccae9db0601f3dcd4944d07bf3ae6fa5bcb9dc0dcafd369de9a650a38d1b46c758db0721eba884446a8a5ad82bb745fd5db5f9b1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\certifi\cacert.pem

Filesize
284KB

MD5
181ac9a809b1a8f1bc39c1c5c777cf2a

SHA1
9341e715cea2e6207329e7034365749fca1f37dc

SHA256
488ba960602bf07cc63f4ef7aec108692fec41820fc3328a8e3f3de038149aee

SHA512
e19a92b94aedcf1282b3ef561bd471ea19ed361334092c55d72425f9183ebd1d30a619e493841b6f75c629f26f28dc682960977941b486c59475f21cf86fff85

Download Submit
C:\Program Files\mitmproxy\bin\_internal\charset_normalizer\md.cp312-win_amd64.pyd

Filesize
10KB

MD5
d9e0217a89d9b9d1d778f7e197e0c191

SHA1
ec692661fcc0b89e0c3bde1773a6168d285b4f0d

SHA256
ecf12e2c0a00c0ed4e2343ea956d78eed55e5a36ba49773633b2dfe7b04335c0

SHA512
3b788ac88c1f2d682c1721c61d223a529697c7e43280686b914467b3b39e7d6debaff4c0e2f42e9dddb28b522f37cb5a3011e91c66d911609c63509f9228133d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\charset_normalizer\md__mypyc.cp312-win_amd64.pyd

Filesize
120KB

MD5
bf9a9da1cf3c98346002648c3eae6dcf

SHA1
db16c09fdc1722631a7a9c465bfe173d94eb5d8b

SHA256
4107b1d6f11d842074a9f21323290bbe97e8eed4aa778fbc348ee09cc4fa4637

SHA512
7371407d12e632fc8fb031393838d36e6a1fe1e978ced36ff750d84e183cde6dd20f75074f4597742c9f8d6f87af12794c589d596a81b920c6c62ee2ba2e5654

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\METADATA

Filesize
5KB

MD5
1682e8458a9f3565fd0941626cbe4302

SHA1
e5937d80b6ba976905491c9dbd8e16d0226795b5

SHA256
24f9838874233de69f9de9aebd95359e499498508d962b605d90186288d7d8c0

SHA512
2dc669a07dd263c967d637ac2e76ed3788830d96b91e256e16125997c4e3a68d268dc220c056bbfbc3b5e7def7d063b776d9d1da303a840ff203dae668d7a366

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\RECORD

Filesize
15KB

MD5
4b627ca53e89d6786b13e9a56777b75d

SHA1
ef66370b029cb35c3eda7b3e9924f1013ae12468

SHA256
a116e6c83340c115019278c88fb74d907627c8c39e324eb98438bb83445fab53

SHA512
8a851a7aeec52dfe764fa618649b1aa131f9e9e34c02ba9768f0ad2528ddbd1a0aa22a497398400e43972161d987133d39f19b90c8d08245bef0a1f0cf5a1d5b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\WHEEL

Filesize
94B

MD5
c869d30012a100adeb75860f3810c8c9

SHA1
42fd5cfa75566e8a9525e087a2018e8666ed22cb

SHA256
f3fe049eb2ef6e1cc7db6e181fc5b2a6807b1c59febe96f0affcc796bdd75012

SHA512
b29feaf6587601bbe0edad3df9a87bfc82bb2c13e91103699babd7e039f05558c0ac1ef7d904bcfaf85d791b96bc26fa9e39988dd83a1ce8ecca85029c5109f0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\license_files\LICENSE

Filesize
197B

MD5
8c3617db4fb6fae01f1d253ab91511e4

SHA1
e442040c26cd76d1b946822caf29011a51f75d6d

SHA256
3e0c7c091a948b82533ba98fd7cbb40432d6f1a9acbf85f5922d2f99a93ae6bb

SHA512
77a1919e380730bcce5b55d76fbffba2f95874254fad955bd2fe1de7fc0e4e25b5fdaab0feffd6f230fa5dc895f593cf8bfedf8fdc113efbd8e22fadab0b8998

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\license_files\LICENSE.APACHE

Filesize
11KB

MD5
4e168cce331e5c827d4c2b68a6200e1b

SHA1
de33ead2bee64352544ce0aa9e410c0c44fdf7d9

SHA256
aac73b3148f6d1d7111dbca32099f68d26c644c6813ae1e4f05f6579aa2663fe

SHA512
f451048e81a49fbfa11b49de16ff46c52a8e3042d1bcc3a50aaf7712b097bed9ae9aed9149c21476c2a1e12f1583d4810a6d36569e993fe1ad3879942e5b0d52

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography-43.0.0.dist-info\license_files\LICENSE.BSD

Filesize
1KB

MD5
5ae30ba4123bc4f2fa49aa0b0dce887b

SHA1
ea5b412c09f3b29ba1d81a61b878c5c16ffe69d8

SHA256
602c4c7482de6479dd2e9793cda275e5e63d773dacd1eca689232ab7008fb4fb

SHA512
ddbb20c80adbc8f4118c10d3e116a5cd6536f72077c5916d87258e155be561b89eb45c6341a1e856ec308b49a4cb4dba1408eabd6a781fbe18d6c71c32b72c41

Download Submit
C:\Program Files\mitmproxy\bin\_internal\cryptography\hazmat\bindings\_rust.pyd

Filesize
7.6MB

MD5
b98d491ead30f30e61bc3e865ab72f18

SHA1
db165369b7f2ae513b51c4f3def9ea2668268221

SHA256
35d5aeb890b99e6bae3e6b863313fbc8a1a554acbcd416fe901b1e1ae2993c98

SHA512
044c9c39bddb13020ed865d3aa30926460ae6ded5fdea59eca2b1cf6a4ded55728d883f19ee0749f95a4d93f66e04fcc62bc3be67119c4ccabd17b003cf5f3c4

Download Submit
C:\Program Files\mitmproxy\bin\_internal\flask-3.0.3.dist-info\LICENSE.txt

Filesize
1KB

MD5
ffeffa59c90c9c4a033c7574f8f3fb75

SHA1
e32a549b135c4b2b268107adc12d13cca2ca1e8c

SHA256
489a8e1108509ed98a37bb983e11e0f7e1d31f0bd8f99a79c8448e7ff37d07ea

SHA512
d1dce9e97ae504bcaa6bd3f0d8b78e28cc80a5abcc9133b2aafac2a0e89e28170057cf7fab948638f24cafcd23e302e5175e75ef5fa50affde725ed6f0961dd3

Download Submit
C:\Program Files\mitmproxy\bin\_internal\flask-3.0.3.dist-info\METADATA

Filesize
3KB

MD5
1b328490ccb1fa83337c669d00c9d9f2

SHA1
135517b0fb425294e53b2762dccd8f6bccdc1eaa

SHA256
7b13da872e1a6a18d5fa662a77da9be4734ff21681fc8c53b9aa2da12bc2b5a8

SHA512
d599e6ee3a7713fb98408376ae44b21eac08abaaf34446c7ddfecbfc5c96d9223d066f8713ae60aa1b52539f4f46480f7ca4faa90861cd30f9a2fa8cd85abfea

Download Submit
C:\Program Files\mitmproxy\bin\_internal\flask-3.0.3.dist-info\RECORD

Filesize
3KB

MD5
f80a660bb581b7ac18b744c4ac5c0058

SHA1
c84231efc2533c14bf0d8ad073db0678d7ec3e25

SHA256
82ee5eb338a54f15349281264eac0d82017d2f2dc7f6835620d8e7cba0be49d5

SHA512
feab70588637d51dd2f59bea21061cec765d2b5ef911c192ba44550682c081ac1341e912e16f7176e145b25c652a25f0a753c3eb8bdc79b5d1a17a6b569885fc

Download Submit
C:\Program Files\mitmproxy\bin\_internal\flask-3.0.3.dist-info\entry_points.txt

Filesize
40B

MD5
8feddca68819b423f57dfb59ce8ee3bd

SHA1
27e3e9826bf26dc90d10d5d2710091ad9c9a7a06

SHA256
6c13fb853392e5fcfdccbb42eec3e87c164094c904bc1c6eecaa92ea5e65bdce

SHA512
4ac00f7cc4100eee89074fd9a4eb6910e46654dd2475bcd1a560456cbf0d2b6cfbf7f88420b1ffc7b0ed9589f1e553d77604d742793bccc172f1795826928459

Download Submit
C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\LICENSE

Filesize
11KB

MD5
3b83ef96387f14655fc854ddc3c6bd57

SHA1
2b8b815229aa8a61e483fb4ba0588b8b6c491890

SHA256
cfc7749b96f63bd31c3c42b5c471bf756814053e847c10f3eb003417bc523d30

SHA512
98f6b79b778f7b0a15415bd750c3a8a097d650511cb4ec8115188e115c47053fe700f578895c097051c9bc3dfb6197c2b13a15de203273e1a3218884f86e90e8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\METADATA

Filesize
4KB

MD5
98abeaacc0e0e4fc385dff67b607071a

SHA1
e8c830d8b0942300c7c87b3b8fd15ea1396e07bd

SHA256
6a7b90effee1e09d5b484cdf7232016a43e2d9cc9543bcbb8e494b1ec05e1f59

SHA512
f1d59046ffa5b0083a5259ceb03219ccdb8cc6aac6247250cbd83e70f080784391fcc303f7630e1ad40e5ccf5041a57cb9b68adefec1ebc6c31fcf7ffc65e9b7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\RECORD

Filesize
2KB

MD5
eb513cafa5226dda7d54afdcc9ad8a74

SHA1
b394c7aec158350baf676ae3197bef4d7158b31c

SHA256
0d8d3c6eeb9ebbe86cac7d60861552433c329da9ea51248b61d02be2e5e64030

SHA512
a0017cfaff47fda6067e3c31775facee4728c3220c2d4bd70def328bd20aa71a343e39da15cd6b406f62311894c518dfcf5c8a4ae6f853946f26a4b4e767924e

Download Submit
C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\WHEEL

Filesize
91B

MD5
7d09837492494019ea51f4e97823d79f

SHA1
7829b4324bb542799494131a270ec3bdad4dedef

SHA256
9a0b8c95618c5fe5479cca4a3a38d089d228d6cb1194216ee1ae26069cf5b363

SHA512
a0063220ecdd22c3e735acff6de559acf3ac4c37b81d37633975a22a28b026f1935cd1957c0ff7d2ecc8b7f83f250310795eecc5273b893ffab115098f7b9c38

Download Submit
C:\Program Files\mitmproxy\bin\_internal\importlib_metadata-8.0.0.dist-info\top_level.txt

Filesize
19B

MD5
a24465f7850ba59507bf86d89165525c

SHA1
4e61f9264de74783b5924249bcfe1b06f178b9ad

SHA256
08eddf0fdcb29403625e4acca38a872d5fe6a972f6b02e4914a82dd725804fe0

SHA512
ecf1f6b777970f5257bddd353305447083008cebd8e5a27c3d1da9c7bdc3f9bf3abd6881265906d6d5e11992653185c04a522f4db5655ff75eedb766f93d5d48

Download Submit
C:\Program Files\mitmproxy\bin\_internal\itsdangerous-2.2.0.dist-info\LICENSE.txt

Filesize
1KB

MD5
4cda9a0ebd516714f360b0e9418cfb37

SHA1
a814758bca3dc0a25555dabbf2576cdc43cd8423

SHA256
63af09891b6be8ad1a4252ed43af0f4efba7fc948e228367bed7f3c5ae0b09d7

SHA512
7e046f889413534ad51d7f6dfbb404d4585fbbdc3b97777bb5142d9a35a51a7017c35b5390c680787f9dfcf65bc1014013f1ba1841aa0da9a2e2964d10167644

Download Submit
C:\Program Files\mitmproxy\bin\_internal\itsdangerous-2.2.0.dist-info\METADATA

Filesize
1KB

MD5
efe68e07ab85dba520899092c41d09cb

SHA1
2721517496b1b39ca959c37af2bd94a16d2d968e

SHA256
d2b934fb56708a1b94e439f0255c0f5a8108e3258ec827b18a1dc9c991db9611

SHA512
44faa8eccb252475cfc9b95229c0755e49ff699adec46e0bd7616f077e0421163532a65ceddbe8901d4d83231ba51aa73b313da58e7873a90b8593c595a12ccc

Download Submit
C:\Program Files\mitmproxy\bin\_internal\itsdangerous-2.2.0.dist-info\RECORD

Filesize
1KB

MD5
a0bfaff880a5baaec9fabe4d25f7a353

SHA1
6f5831d8145a4fe6d259e8f53f9196c21473993f

SHA256
b303bcd128d85b48cefd16f82f5c7c48a95e8dd186422c220a4c79bf176cb1aa

SHA512
49814e7ec70dcb19c33caa4e758cb96daff0fc16d0483259da8287af6c090e7e3a416197b1e4f85fb31c5e7a8812408233fcb2f33dc03442071b0deab6f8dffe

Download Submit
C:\Program Files\mitmproxy\bin\_internal\libcrypto-3.dll

Filesize
5.0MB

MD5
e547cf6d296a88f5b1c352c116df7c0c

SHA1
cafa14e0367f7c13ad140fd556f10f320a039783

SHA256
05fe080eab7fc535c51e10c1bd76a2f3e6217f9c91a25034774588881c3f99de

SHA512
9f42edf04c7af350a00fa4fdf92b8e2e6f47ab9d2d41491985b20cd0adde4f694253399f6a88f4bdd765c4f49792f25fb01e84ec03fd5d0be8bb61773d77d74d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Program Files\mitmproxy\bin\_internal\libssl-3.dll

Filesize
768KB

MD5
19a2aba25456181d5fb572d88ac0e73e

SHA1
656ca8cdfc9c3a6379536e2027e93408851483db

SHA256
2e9fbcd8f7fdc13a5179533239811456554f2b3aa2fb10e1b17be0df81c79006

SHA512
df17dc8a882363a6c5a1b78ba3cf448437d1118ccc4a6275cc7681551b13c1a4e0f94e30ffb94c3530b688b62bff1c03e57c2c185a7df2bf3e5737a06e114337

Download Submit
C:\Program Files\mitmproxy\bin\_internal\markupsafe\_speedups.cp312-win_amd64.pyd

Filesize
15KB

MD5
06399d9b7b75206a86a9de42d71d4bce

SHA1
40d36ded4b40f125d5885a7288cbd0e02b43bd1b

SHA256
08bcfc9349a9bccf9d80b3f47921e91981e6f2c8651b15e80a29c0d76ce01ec6

SHA512
337f93f3f16445540d0986a8149ecc27f51ff170621c8a4ccafd030fe642a4c78aa08ee09682e83c8fcf30b38701db391bc9dd9facb130f5e9ecf5b2c04477c9

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\bootstrap.min.css

Filesize
156KB

MD5
0ce488f03456d3adeab0a84faf7bd70f

SHA1
65fc59d59ca41c44aa659f30dae94dc2ccefdc33

SHA256
87bddb2af465b6e831f93d85f749179318f5cdf71d0981843a1020c7db588936

SHA512
e6c35ac56172997df2556ea719d8d6d80ef4db4e0c39d4ec48ab2b170c196d530069df6367237e0f548fa3e5f33e3d072615e9eb7d6420de00a9fe51b5a0558a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\images\favicon.ico

Filesize
5KB

MD5
eb3f64f6eec8153286e7ae52a535eb8c

SHA1
e8da1bfb5ff4b20f4a723aba25ca2c1d6e4ac0d7

SHA256
7a7408486f94d0dca411207e739adc71277227cbe5cbdc5aed70cdc4c4d4f76c

SHA512
95f1d00d6e9f8bcb9219cc994c7a067f4a5837d7e20acab13a6de14537c31d6c0238b8e5b8ea717543e5210eb52e42d1834a025fb9b0c52690f0f74bb16ea4b1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\images\mitmproxy-long.png

Filesize
120KB

MD5
fb7fa4c8ff56b5f9a805479aa506ac2e

SHA1
a44ec0102851d33ea173d884686a16807f813cd5

SHA256
2e69ebe0dca5914b03e9b2eb4026c753c70f5d4c25f41d9fffd332b2715d4144

SHA512
1fcaea54ed1dd47763e4db49237bab390734f95c2f7f9d020d52dabcc3c8a0b93f0e64e29b9505bf9378ec7dae275581a6e8c13389958f07f3ee1d2c19ebe1f1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\static\mitmproxy.css

Filesize
683B

MD5
abb67b7305f18085899fea569bdd376b

SHA1
08381d3e5628643b51541435884fa53f75fddade

SHA256
4f34c3b612bfd761f684b4c6917178e7c1bfdb84d3ae1435ae2ed9471720008b

SHA512
256a269c57fa6ae0ec41f54ffbcbd3ee9527bde42114826d996e5f4794fe1dad1845e310dcef8822668022063c9a41898748d00878d4d6124e88e5ab3845d54b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\android-brands.svg

Filesize
535B

MD5
21873a9ecf611efcb8c18ce88b191090

SHA1
c3a4a3a80601a9db180efdf98080e2d893e895ac

SHA256
26cc15d54a692ec6f5038d955c49b3c768b5b1b2cb80aa9270db183bad5f60d7

SHA512
64cb91300c33096f0ae7ec417a8d15a7fa625c895c65f7af02a75d70239c5d655ba7df61ddfce54c1fb21770b8f2ad481a03ca6cca910aea8cb9cca240b2527f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\apple-brands.svg

Filesize
665B

MD5
c66b5c1c8dcae38e9620ada4669d740c

SHA1
f504e5e9c6e3fcece06b28f926c4efbc32f0fb43

SHA256
f3b22c7417dd2feaebb1d805fcc3e7e474758effa2a4fa398395de9b9256ad3a

SHA512
fbfada5d98e613beeffa4ccac34988ddc2317227c7d76279bd4de49f66cda58482087ea618ace3dff547f919a2849b3d2c29db1d04e33ea0abb5bc8055c89fc0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\certificate-solid.svg

Filesize
1KB

MD5
34d1a6c5214443044c82bde483a28cb3

SHA1
db1db4d99d697d34101eb669cd8a15a9e3a9fc44

SHA256
6e2f2e5b88bd4aea63535dee069222f9668f77e56ec7b34eb8812a21b2dcf436

SHA512
c90fe35fee1c191a68874baa125e55c6d5400f39c9ee6030c05dcd9ebfd48c36904492492179629915127edd6de19322cbf7b7660d0e3500aad8ba5560426da7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\firefox-browser-brands.svg

Filesize
1KB

MD5
613cacf25a4803aa78d613022f75768f

SHA1
30132e34bd6f541d4dba5520e807edc2661fd637

SHA256
692ce31aeab7848eb621c407fcc2f88f82867043487edef282ae51e17ce646dd

SHA512
859a12781e89f31084bde3045b680311490d6459a563e4c2de8134a559afe13d6b8c51514f63694911143f9bbb554a00e4b6ad987904e314697faae8986e2dfd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\linux-brands.svg

Filesize
3KB

MD5
ab61ec459cdee111f43848e0fcbcd069

SHA1
474bc9f399a7e77b808d93c934adf12ac60fa2be

SHA256
0fae278aed3ac8eba446d183ae42c8343ec47e468e9a11b7db871ed51fddcb98

SHA512
fd92a8259d6c212c701177e6e8e53d126ea9dadf313ff56be5427ca5bea31a96652cf01af47ac947e97f84381dd43f7df68386656bafa7c390f70868b304cfc7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\icons\windows-brands.svg

Filesize
369B

MD5
191a33375f233eb437ba07e95a0a27ee

SHA1
01ba204e174218f01f9eb90159677a60c25032bf

SHA256
23a8161f7c27a7d4d9552f13ee0f4301a753f79d9e29a090d72139118ef96379

SHA512
94d9010ae907ae2b4bc4241021591c011068833fe75aa3ec3ca1f0ed2cd1e2718266766fab2a90a3776212ca591448a8c38ca91bd0f513ababfec8ec2289c7a4

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\index.html

Filesize
6KB

MD5
a4e5212fb321294c93e20adb7fb895f6

SHA1
d8e72c7b6b3c83dbfd5842e28a1b601b428a7cc5

SHA256
17a0ce1e74b5e8fdd569049fb0ad10742eb69920d4a251110ac7f787a1c10432

SHA512
19f283110618842e424e678bd69a9e74503025b12dd08fe916cc34b0223e8bab2da865617a08a1a406786c5e8f1744b285ddfeb998064782960194f25679edc8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\addons\onboardingapp\templates\layout.html

Filesize
830B

MD5
a4f1067d53cc01ef95144a1c279e59d6

SHA1
e140695cd1f93857a5687f8f15bbd95f55d4e429

SHA256
a47031bcc5982c103c96c7a4caecc076df4b8ba805e137c92e9f92a6b95cad91

SHA512
f8a802ca585ae6590f001cbb568cb4e715a626b155dd20c754b57b4f0755ff1b59ec905eda0fa8d2fbb6ac9ed631a66466d3b88a788fabfce3ca2f5ceb6d3faf

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\app.css

Filesize
19KB

MD5
48e9e317eb2ed85e6ddf47cfe8f20d5c

SHA1
4dde9719b00a8c8fefc60affba094e5becec24fa

SHA256
247c5014391645c7556110aa2e3c59f0bb28c3ae468f85a8507326d95a84252f

SHA512
911c97e0c780040cedaff1de9073446c006c6517da8ae5e4ab0942597aac08e260fe77c2c938ed4362634d92475a220b9dc8a97650164e50bf5bb93a7c299756

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\app.js

Filesize
630KB

MD5
562ecb37fbee84a3aa3f03c9c8d26014

SHA1
91452a36b53350c7c6e8e299e6d23988d5597995

SHA256
aedf2fff6f8ea669ea4c1925710a5745d5d24f91a2366f3814ed3089d6975c52

SHA512
1dde7da367f038e3e5f550cde9eab743e38b746a527473da340ee8b8c85255868984fc086402fbbb0a8973624c7844366ff4e2ff8922756eda4e5fe0765c67ec

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\fonts\fontawesome-webfont.eot

Filesize
161KB

MD5
674f50d287a8c48dc19ba404d20fe713

SHA1
d980c2ce873dc43af460d4d572d441304499f400

SHA256
7bfcab6db99d5cfbf1705ca0536ddc78585432cc5fa41bbd7ad0f009033b2979

SHA512
c160d3d77e67eff986043461693b2a831e1175f579490d7f0b411005ea81bd4f5850ff534f6721b727c002973f3f9027ea960fac4317d37db1d4cb53ec9d343a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\fonts\fontawesome-webfont.svg

Filesize
436KB

MD5
acf3dcb7ff752b5296ca23ba2c7c2606

SHA1
b5483b11f8ba213e733b5b8af9927a04fec996f6

SHA256
fc378232f9dad500890aa9e0bdd030a53d2f317d517393a3b91400b4ddce4c7c

SHA512
ec518fb51a29732a7294430841c7acacf1be42652ddd23fd277f3fff110eb84f5a54fa88ff82b1bd461a8c44145847f9c6bfc98a022106661e26237e18048d87

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\fonts\fontawesome-webfont.ttf

Filesize
161KB

MD5
b06871f281fee6b241d60582ae9369b9

SHA1
13b1eab65a983c7a73bc7997c479d66943f7c6cb

SHA256
aa58f33f239a0fb02f5c7a6c45c043d7a9ac9a093335806694ecd6d4edc0d6a8

SHA512
9ffb91e68c975172848b4bba25284678cc2c6eb4fb2d42000aa871c36656c4cebc28bf83c94df9afdfbf2407c01fe6b554c660b9b5c11af27c35acadfe6136ac

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\fonts\fontawesome-webfont.woff

Filesize
95KB

MD5
fee66e712a8a08eef5805a46892932ad

SHA1
28b782240b3e76db824e12c02754a9731a167527

SHA256
ba0c59deb5450f5cb41b3f93609ee2d0d995415877ddfa223e8a8a7533474f07

SHA512
9c776dea55a01fd854ea23b3463d9ac716077d406ecbe8ed0c9b6120ff7e60357f0521ab3e3bf9d4e17ca2c44a5d63ee58a4e7a37a3d3f26415a98d11c99e04f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\fonts\fontawesome-webfont.woff2

Filesize
75KB

MD5
af7ae505a9eed503f8b8e6982036873e

SHA1
d6f48cba7d076fb6f2fd6ba993a75b9dc1ecbf0c

SHA256
2adefcbc041e7d18fcf2d417879dc5a09997aa64d675b7a3c4b6ce33da13f3fe

SHA512
838fefdbc14901f41edf995a78fdac55764cd4912ccb734b8bea4909194582904d8f2afdf2b6c428667912ce4d65681a1044d045d1bc6de2b14113f0315fc892

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\LICENSE

Filesize
1KB

MD5
1f754b62eadbb75b6ceb355e84e6b1eb

SHA1
0fbd8a8be6204a84d7b065cad809f780285b46be

SHA256
df0d584505db4ad688f12577bac88e1936c0245df4a0cdcc317415d76a2722e1

SHA512
67d5d5d6da349ea3ed77a6084dbb2c90cdb908d8a343c7aab2ccb3388f4af9b653bb5d98c968d9a4a1593aed92e297efc0b108f961f2ceedf57637b465a437b8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\resourceCSSIcon.png

Filesize
1005B

MD5
8a008c9e67ea51271f7b6e007f37b9e5

SHA1
ee67e99087b3d70c759a439d5f8f0da78c0b2043

SHA256
cfc1ee164016049aad1e14cb4008be8f8db76701c44f4174aab39d7448a8cce5

SHA512
be3371d25cbf4d538b7e649d5a67a4e35aca9ed754824e3502ef1e2e7fa6a5f1fac91975781ba560b7311c87d533a7537587c5eaf889735116f999ac5d971da0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\resourceDocumentIcon.png

Filesize
951B

MD5
813a444c36cfb1aeaa653f5a50a8379f

SHA1
a813d3770da6e987bc670687f3c5efff41df8e7d

SHA256
02688c952499b6630d7c2d2cc069f35dd9a7d3bdc6efd36e19c757a700f7df26

SHA512
b5c93a192bbeb3917f0fdd56f76cba315db5f856a0ad9b7886ae0b24d1f5bfafba35ba3cd666407ccd7bbeafaaf71416a46ae5736d1e963a1ed295041a2ee861

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\resourceJSIcon.png

Filesize
787B

MD5
a734267cee5e83d1ddb53a1c07d058bd

SHA1
bf54186128a824d126180bc204f2cd519dc7a469

SHA256
26de56a93f29249d0ab05f4ca756e4460bd90745f6ede601d49f4ff889f34f18

SHA512
e8310694103336ea3e2e9e139fff926608cc04c6b4edb1d37eb05bcd14ae1ec469e30a891cad0a96b59006a0322a59dfb6a5257a4a0a43f6cd4b860fe8a4e61e

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\chrome-devtools\resourcePlainIcon.png

Filesize
295B

MD5
85c0f518ef6d67c164e8c1ca273fb82e

SHA1
5661be05982e04c11cae4280d451065a709b0bf9

SHA256
1d62b9974fbb05378b909ff7cb825496c0cccd5498b8ddd3df9a52ca45364eb1

SHA512
17ee7be3bb61cb4ed1ed51f9b952fe1d63659eacdd47d6590563dd8e198ad9770a950e297e011e2ded4138416c5f4ec5deee34044f37257b26053ca40c7ec44f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\favicon.ico

Filesize
356KB

MD5
e4ce127909d4697b97bf404a42e7c428

SHA1
dcf1ad41b43788e6d863e529605a27c2c9906c75

SHA256
93f546d6bee5a1ce7d5fb5adb4926c6e698be6746c2a699342d22f62c3107568

SHA512
1c41259ea122bb8df4632bd7549a7e33f75f45a6578d9754b6bf2f8546145aff164589ce6f45408caeb3f9e23b7279b586d7d6f852b3dafe398faf3b6d3a535f

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceDnsIcon.png

Filesize
1KB

MD5
d49915cd20b6e21399394082fbda2d10

SHA1
91393f11d3daf7b862742f792eb170d7dc1dcb46

SHA256
b50fb89cd134c13b74fd1f47c99194b24b1efc42ad63f012d8beed6f4b3605ec

SHA512
c00f11ad612b521f7cb307d409f6580cfb99073b93912a40f0fa372339f3cfcd74cff5fe1c1104646cd01377d6db962e69fc1a405f1db9cff5075e503f73e130

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceExecutableIcon.png

Filesize
853B

MD5
dec2fe44a945f837ab107d2a87ddcb9e

SHA1
c21c5e6400e3787b65196aa51108134511edfce1

SHA256
d516001a460fe8771812c04247faacd322d909414074b6244bdb4b64305c5fe5

SHA512
c4309105ad8a4a07c1c136eb3f29c898092c793b7080310f82f5081e01090b1653b40f6f9041d6aa63a7a62f2797a4a6b43b9f88940723064109629b41a6bd54

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceFlashIcon.png

Filesize
921B

MD5
55053466cebc73e5165790b3d346c15f

SHA1
4dae44d630a75d86b218690afaa6d361e0830111

SHA256
fee2767577c137b2ecb25fc14158d03038f0581dc82c7a7c51dddd4e708d8256

SHA512
16120a1b4b3641ebd12f78663c45b8189a47bd58ee3b7bb39c3e20e61f302fe96235f9a02bd240d77df611a3b81b5c81189374831b87828b8cae4f493237a9dd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceImageIcon.png

Filesize
976B

MD5
b554ca92e0939dba7531259e61b17019

SHA1
9a990ce4d4681dea103e136c18ad542a1779a850

SHA256
3ee5a1c84e5b3510a2a44a429bac7c11d4cb285894a7b3fdf23d1f6f83c1eea9

SHA512
858bea9de80d515d8f9604aae20fbaac5efc96edad1e9cb79f2443ddc80ff3c331fe27fa5388855b4d33ff0588ffb5e14cf0492fef8713e789a2b7a985db3823

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceJavaIcon.png

Filesize
861B

MD5
9e4914182914335b72be754f4408ff36

SHA1
4e828e4cf747397e9d0244710f9692b876d637ec

SHA256
7666167417a27e159846b0aef18215d47815446f1ad38a293bd3dd6ba455f645

SHA512
8d8816bd8eafbb34f4de3f1b89c934892372498d093f46880e8ceca49e7bc4298abbb6c17133ba6ff3ce92f41c630593ffb0c591232775e7460a89e5869ce775

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceNotModifiedIcon.png

Filesize
1KB

MD5
09067ba313fc3bdbe3ec572093f943f4

SHA1
85464e31414f4c62bebd4f270b227cda3cf7ae10

SHA256
49ca38f8721e3d61da9bef34c7d4403c30d620d9c3365b150ca9132dda6bec0d

SHA512
9958e8a1cd5a2991945c928a50bb53d7543e004b8a87c3a1fe5e102d9e11aaa142cf154aa8ebbb60cbe91d36f0355521501f6fed0dfea08c753fc2c13827e553

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceQuicIcon.png

Filesize
1KB

MD5
edcfc0c1fbd07e825fb78d5d37f8ae61

SHA1
08a6c1f88e29de6f2e99fa224dfdc4c525be9751

SHA256
b4b02a0a6ab3a613b15580bfae4d9fac7da9756a889db967080fa49f9e6da193

SHA512
377b07e654b37121b0a5fa8f5bb4fd261cc405a139114b2ae7562cd5c431005e7d0009736469558cc8d67b39c81aeb266d2f144e4810b11e9338620567ccc5dd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceRedirectIcon.png

Filesize
1KB

MD5
54bd25f833ffe30d752f1d9accb48dfe

SHA1
83217788cbe81c7f8c20ff808393bf2bc712fb06

SHA256
2ea48cc666fd979a9418a82f716a673951351b3a4c6b0e5a92c5ec17f2041b50

SHA512
658a546460985d0a6ef8e9e60617345a2f1d34e63c9701f3fac0442f6378803e4f4540170fefc4f06c483d228b2892549e7a7a477bc4620f184c9d3fedb6e0dc

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceTcpIcon.png

Filesize
1KB

MD5
135f11a22111f968a227644ac788bc4a

SHA1
87e39f1a2eba9fd986bfdce33b4895cf9169d450

SHA256
055da7085329063e300fa70e34f648c459a4566dbc7261956f239240f9bdc055

SHA512
01d887cf281e650dd8a6b36426ce6d4aac671a305903a878043634ac9c7a3a15d1832047c8fb8ae098de942dbaa4c04c0827d9b25f80682b406de82e3b3b89ef

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceUdpIcon.png

Filesize
936B

MD5
3d27855fa593a121a3c13c6a2ea02f36

SHA1
f4c793dc315f7995281816f141830ddd7b0871fd

SHA256
5ee48e868f3a73807340b5e545c81fc31124b494226e6588f3c57366d938df9a

SHA512
d9b674b8769b22a205b05155068e5c84059132ca67cf7085a68b010238cf6ecffd51b41a057e22f916e2827aacdfa57339047a832054e954bbbd14722047cd29

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\images\resourceWebSocketIcon.png

Filesize
1KB

MD5
3d8af5d5fa971584382487cd4a976f09

SHA1
5a458996a7ffe6cb7f328fecc48f842781380fba

SHA256
979bf7e796517ef7c8df8706124b7554ebaff3b9e8e45182161bfa636908ad15

SHA512
bd112102167e877b34e862d8745783de45785b9032879aebe906b800cf4e682ee8da64a5de4ae90da7947e8b57d064961f545fca067dc5b0b341f925bb363534

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\static.js

Filesize
23B

MD5
b3324ccfbbc24903c0d1a52f75e45357

SHA1
6370812946d28e94eb3271944994921d2549ca90

SHA256
ab95bf033b063b83f38803aec45bc85461a1c118c3c89f47295ce4f418848645

SHA512
affa7dac3659e192e86c55a9396d0d899eea25c4f1811d77a1a69b8f9e9b43bf7f1e2358c76568a19b5a4e8a876fd5971b950248ebeb3b78ebcc38f1a28f4aa7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\vendor.css

Filesize
146KB

MD5
77dc87aedbed6d72ba515875eba03367

SHA1
035594b69e346e4a4faebb16421d016846088bc0

SHA256
55acea3ff86c36dc5d3ed0dbc8caa5f8032822aaed6fced31851a6de3bd17f61

SHA512
1a18b664c543bb513eebfddc7d529838e1931ca094e7f32728319e67e56362e4dee50b9bf3418d340636436e3e0bf44c94b19661debb9c21770e94f2afc711e5

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\static\vendor.js

Filesize
433KB

MD5
122a138da24505f49be05fce1a5cdb6f

SHA1
5005b4431e79d7a6ff8b6052a01d8a7b130372c4

SHA256
9acc49a970f16b844fc2817b8fd62ae9682f1fdf3781934cddbd6732cf80d451

SHA512
042f3c415237bbc8c146a1cfe8445db3e6ab0a1fa518e388d648e09e1ea825a757e6b23d1e52a7d6af17e2c8cb098e04198e33e43ea7d8749dac9599ab308971

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy\tools\web\templates\index.html

Filesize
524B

MD5
9d4c073a265c13ecf0d5bdb89c84409f

SHA1
78f838c591ddcd8967daad317521d2a90b450ea4

SHA256
876562b933f7de43a3d6562a7eb667f51f8ff7530750b0400dbd1552a557c28c

SHA512
e691cbc49cf1563518368c25806d8e643ec1ed4d89ad241421b505672623f14d3c9d41a00bbf3ad8f4303edebfb727533df4b927e297a93e13f4184775c7fb56

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_rs\__init__.pyi

Filesize
3KB

MD5
446b026352b897b6207f35bc055ec985

SHA1
0d2c2428670cf32f54f028f2d9eadaae5d700521

SHA256
f4cbc66ac5042fa39a77f0980dc2888f2016a32fe3fabfdde65f6da15f2950b4

SHA512
c9e330983270d07651286e7eb650caf4a8d657d6aefb95473c15d753334f8432964a8e0d0f3c30c7f1a91af6b0c106327fee0f0de99aef5e16cb8889fe705002

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_rs\mitmproxy_rs.pyd

Filesize
3.8MB

MD5
5ccd80ee066d58e759d987c44ff924a8

SHA1
65018477bbc68f6ac9f432130b9a0116f59ecd55

SHA256
e4b5be946eeb45b3f2453d5bd45dd3ea8f2069965a99cd6d6cdbfaddd6ac2baf

SHA512
d9402e2ce9d3b0c2f5a277dea22872f9311026a43556fe445805eeb96dd667802e3ff6d3963d28222a67d92b8ce3d5ea4af12d8fd0eadf68af158b982f876fb4

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\LICENSE

Filesize
61KB

MD5
97c3dcfda1b5348ef0bb8bac94f2919b

SHA1
7ee34ff15d940862ce7a6874c2b12904f2b75b0a

SHA256
542e02ca56c33aea103ce84a8b874b0b15e25b9f559d9bf578a10652f824815d

SHA512
601b96ca085e2cca44ce8b491e9b6dd4411ce49790fa749272ec961270f3d3c0cac361509d91beee7eb3cd1c0e08dd40928f79eb498a8ee8c575e0622f991e4b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\WINDIVERT_VERSION

Filesize
7B

MD5
980c11d5647d82e4a3ddbc17acd92dde

SHA1
7ec86b0d528f50bb45cbea607b73d85e74858ed3

SHA256
5591e65777244bb111f80b7e802164e59931d196beece41fc7ee17542e8b696d

SHA512
70e287775ea892950355acb75b527a0c569de40a098a6158658db7d051de0762c2eab5d462848ad990d2963f145e284f3ae7a65decd025abd5f9cf42a027a97b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\WinDivert.dll

Filesize
46KB

MD5
b2014d33ee645112d5dc16fe9d9fcbff

SHA1
aa69498562d350f2de06954b133e59fac1e57002

SHA256
c1e060ee19444a259b2162f8af0f3fe8c4428a1c6f694dce20de194ac8d7d9a2

SHA512
37014a018b9cd91b2eaeeccc7c5af3838fcae4d4fe6bb50c7ae32cd5c99423965a3e3efb29499324f6885b8f0c2ee2952cb75ab73db4e8960811abcb46801f15

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\WinDivert.lib

Filesize
24KB

MD5
5fe307f87206e2f05c5bde29e418badb

SHA1
3599adf3d798f5e6ef1b6ff854f4d44fd318d60c

SHA256
c5678d544eb0121a189d1139f54e0c67854dc64d1c897111a27ef2e52cb38eb3

SHA512
b77db43787fc9bf1ab3b0eaa169e747197bbbafaa0e8be8d56950361921144f8e27d443e728cf3f058282c72172f7d50d0f435c9584d0517ac3b535ed6344cc9

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\WinDivert64.sys

Filesize
91KB

MD5
89ed5be7ea83c01d0de33d3519944aa5

SHA1
4c9b9c74529399abacc2284de1dead5f2332ee9b

SHA256
8da085332782708d8767bcace5327a6ec7283c17cfb85e40b03cd2323a90ddc2

SHA512
be6530fa0e26441441028b530cd6fc4f900448916e137f92613a1f886c16399d415ddd17f7f8847258cc19c63b1510f2f3068942203c50486e48eed838f9f138

Download Submit
C:\Program Files\mitmproxy\bin\_internal\mitmproxy_windows\windows-redirector.exe

Filesize
990KB

MD5
3c38e64410a3ec56061f7cd6326f2e8d

SHA1
674f7a8c56f36881c6922e08ddd5105904de91be

SHA256
84e7c1a4db3811295f77148cf321acd8d577b98f1edc4c3275782d52c409c29a

SHA512
5c858000951a749f7afbc62ff3bc3cacd255b6443786b480d3b45dd047669b8964684e1e9ed1eadd4702bb094c72d46b3452d6f2fb24484bf7284d7d111f9d57

Download Submit
C:\Program Files\mitmproxy\bin\_internal\msgpack\_cmsgpack.cp312-win_amd64.pyd

Filesize
132KB

MD5
ca61906da0bfc8dc0cc4bcac02134cff

SHA1
c90dd9f802675d96de4385e71592d087789f3364

SHA256
9b9a5408001dec5e7cfce8846d8467b199679e4a1ad77e8a8dda0cf11dff3d8a

SHA512
b035882d639ed75a8ba3d5ce504ab426b66e0a19b01a67f13ef8161f1b7c4d621c376890a40108ecc0352cb3dada0c669ca5c7583f68553c94003da3daeb8b12

Download Submit
C:\Program Files\mitmproxy\bin\_internal\publicsuffix2\mpl-2.0.LICENSE

Filesize
16KB

MD5
00e957bb368cb8b34bcbc6f2bfd7aab8

SHA1
934a8416b04aa41e1df376def14fe7e94b51eb55

SHA256
b2462e602b8aba362f2feb5e523e5b3eb58d3a66b9f92b73eba528827773fbf0

SHA512
c6200bc01e4f57e217d98c7b5868ca299e85179517e2f9848e8d419cef92c3dd534938d46d13262c315f84e57eeaf7353cacba50b42da48e293eaf5d4821654a

Download Submit
C:\Program Files\mitmproxy\bin\_internal\publicsuffix2\public_suffix_list.ABOUT

Filesize
309B

MD5
ab4864f31b8227d308af8a0cf9567641

SHA1
be7b30c71e43b6bcd7def2d82ae20b035ad9f9eb

SHA256
a43bb92893ae8f9470993550571b9e2005b7a66bc73d0d381b529bd027c2e131

SHA512
aeb87426901b8f1374c4eb9b9af9b1de149260a7a8dd5f993814e1e4421ce085989a2540f302369d0a5d42a66efdece573a62da1505decd422fd0d773afe88c0

Download Submit
C:\Program Files\mitmproxy\bin\_internal\publicsuffix2\public_suffix_list.dat

Filesize
212KB

MD5
4c33ed83b42bff6d38403cf8a845efb9

SHA1
2068b5b35f18517dd2c4dc95fae25ac9ae146219

SHA256
76e4a8d1e76dae8db6da3829024108c02203c4e4b5a4301b5717564b05c7966d

SHA512
2d9a2514166fdf675efd4a03b3a96bb42bd206a0987bf87085fd58c74d0e475d2a549e119b160a00577f463f701713c6dfc389d0ecfe16aae44db155cf241f44

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pydivert\windivert_dll\WinDivert32.dll

Filesize
17KB

MD5
ac68537d316919a78b57ea6f90be7cf2

SHA1
3e3bd7e5c24c584248388abcea1b811e8201eda4

SHA256
d8700874a27ff3ec11b726313bf3a69448991784bfc0ef5adae3625b636a1b38

SHA512
5ea0ebd973c052806aac97ae5d7e5fd2c9e8eb8874b9b5ce051100074240b5563b8d3b6d869242d385fc14370b928d6ce900ffd5eb49a10f71a8678aaade02a1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pydivert\windivert_dll\WinDivert32.sys

Filesize
39KB

MD5
ecab976e5b0434685524ba6d534301a5

SHA1
cbd9072d35b14dc67c88f40721508758c8d53dee

SHA256
bd27499533e42d64bcab52a018add1e361de02f04c4b1d16852cb643bf4c5755

SHA512
f6ad9b69dadbd634770667057d454f946c46e15c57a888bd25f11e5166532814b68c2e12ed67cb5a93006ebf58ea859a5b8e9b5a12a2d1cba954223c8bc15efd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pydivert\windivert_dll\WinDivert64.dll

Filesize
22KB

MD5
ee42f18f56e8ab20103d0eacc6cb3056

SHA1
8f75e1e7d1d1982d8bd57026d76fade124fe51f9

SHA256
d0d8e5806952ce8f321d106551c680afe5a074cb9366a54282ff83397c64c27f

SHA512
7823620af8ec86b4dc4f4e5c77c7adf6bbf44405f6074629261c2067691dc72521fca44066f998033f40b8ef79b2361a7d5ada1e16c48943fab8e1a7c5f508e7

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pydivert\windivert_dll\WinDivert64.sys

Filesize
46KB

MD5
d6f42128c81965e12578feca7dac500f

SHA1
5c4576bd6409d797334ec17188efe696c9cc97fc

SHA256
9026147943bd44a1eb5e2f0c89cc8f441c7d1f13c1571aba54e262d2e7354798

SHA512
6fd544f2dc11fbae6492157dbdf07effc5a3080a14350d909542bdef974dfa8f7f4d346506086ba0ee90ecbd2f6b107dad84df17e4825962ef51a135c7b4ce93

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pyexpat.pyd

Filesize
197KB

MD5
958231414cc697b3c59a491cc79404a7

SHA1
3dec86b90543ea439e145d7426a91a7aca1eaab6

SHA256
efd6099b1a6efdadd988d08dce0d8a34bd838106238250bccd201dc7dcd9387f

SHA512
fd29d0aab59485340b68dc4552b9e059ffb705d4a64ff9963e1ee8a69d9d96593848d07be70528d1beb02bbbbd69793ee3ea764e43b33879f5c304d8a912c3be

Download Submit
C:\Program Files\mitmproxy\bin\_internal\pylsqpack\_binding.pyd

Filesize
847KB

MD5
480d8f69b981e162bb2cef52b9b02c3e

SHA1
0317e310170757083674a1d57462eedc066efad6

SHA256
9bed53d6e80c6023ce38bae57df9b2a799a9d33e064d7bc7c448714b5679ebc4

SHA512
ee263d04445dec719b3ad1579331adeaee2b697fb9d95bcb97ceacab033c1d963840d29f31dfa242ef3359903f0d00b87a0b0ed8c45bc35c541fadbb7ed754fc

Download Submit
C:\Program Files\mitmproxy\bin\_internal\python3.dll

Filesize
66KB

MD5
a07661c5fad97379cf6d00332999d22c

SHA1
dca65816a049b3cce5c4354c3819fef54c6299b0

SHA256
5146005c36455e7ede4b8ecc0dc6f6fa8ea6b4a99fedbabc1994ae27dfab9d1b

SHA512
6ddeb9d89ccb4d2ec5d994d85a55e5e2cc7af745056dae030ab8d72ee7830f672003f4675b6040f123fc64c19e9b48cabd0da78101774dafacf74a88fbd74b4d

Download Submit
C:\Program Files\mitmproxy\bin\_internal\python312.dll

Filesize
6.6MB

MD5
d521654d889666a0bc753320f071ef60

SHA1
5fd9b90c5d0527e53c199f94bad540c1e0985db6

SHA256
21700f0bad5769a1b61ea408dc0a140ffd0a356a774c6eb0cc70e574b929d2e2

SHA512
7a726835423a36de80fb29ef65dfe7150bd1567cac6f3569e24d9fe091496c807556d0150456429a3d1a6fd2ed0b8ae3128ea3b8674c97f42ce7c897719d2cd3

Download Submit
C:\Program Files\mitmproxy\bin\_internal\select.pyd

Filesize
30KB

MD5
d0cc9fc9a0650ba00bd206720223493b

SHA1
295bc204e489572b74cc11801ed8590f808e1618

SHA256
411d6f538bdbaf60f1a1798fa8aa7ed3a4e8fcc99c9f9f10d21270d2f3742019

SHA512
d3ebcb91d1b8aa247d50c2c4b2ba1bf3102317c593cbf6c63883e8bf9d6e50c0a40f149654797abc5b4f17aee282ddd972a8cd9189bfcd5b9cec5ab9c341e20b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\service_identity-24.1.0.dist-info\METADATA

Filesize
4KB

MD5
696db03e1585cd6eb5ad099b09554f06

SHA1
4091e83cb5fd9f38b34874115dd941a2bc39d9cd

SHA256
c721ddf5b75007b1b0bb9218c6b23add131fd3e92311efa06b3da93122813d48

SHA512
16112f0543a5259324ac7a0f6c3e53a178772d73302c4df1b7c8d4829574e44253c64162aff6fa483fd4c0d96fff25f661f117a01cab4c6c2a295e79cf525732

Download Submit
C:\Program Files\mitmproxy\bin\_internal\service_identity-24.1.0.dist-info\RECORD

Filesize
1KB

MD5
c0056f3d7df494c36c5dafc0089a5b6a

SHA1
db9c91b1c17a889bdd0315c1ae2c0cf04cc959d3

SHA256
0964fd442b6e2db5dbcc2a2dbe61b8107eb30a9be54df99aea20978cb8f17bf8

SHA512
646b5108f714d67b60375f71e90f2c521c2f02a890a3514f61b6588258005a5abf594f8e88932513cfac6d8835866fc627a04856a81aa27c745dcb694ce375d9

Download Submit
C:\Program Files\mitmproxy\bin\_internal\service_identity-24.1.0.dist-info\licenses\LICENSE

Filesize
1KB

MD5
76edce6a3fa1b82b0bf2b6ce174c19e2

SHA1
eac86a80b06f8e205c0fd8fd85f3abbae4d0fd64

SHA256
24bd0a9ba7d0eae08a3a6e32a1b09f8e6871fa0325520a2fcb00e1539eaa602a

SHA512
baecb43d3122247fc134a5c30a0af8bac0fb6d728711cec6792a88668e909bbc0d3d2ae1c7cba235314343eeb0426163329e270f8f4b6d32bc073f6208fd4ff8

Download Submit
C:\Program Files\mitmproxy\bin\_internal\tornado\speedups.pyd

Filesize
11KB

MD5
3d09ea311c70bdf63948744c1762f486

SHA1
7686f25e39746d1ad33fa0a0bbf4f0b152e43976

SHA256
587bd75f1ecba358773571f155f1b134ed78dce89465ed939ebf67cd32e53bb6

SHA512
6ea4b0677c0813e059daf47489a79c62c6bf19534bd6b70c87aaf09a6a471712e01efff3e88613ed21080b19434d67b0ed1a6f39715c96978b7b663ef1d8acd6

Download Submit
C:\Program Files\mitmproxy\bin\_internal\ucrtbase.dll

Filesize
984KB

MD5
6914ef1fad4393589072e06a4630d255

SHA1
028669a97db7c007441ae3330767968544eba3c6

SHA256
81c9b5d54e1b1da192f4a167f7e06439e36c670a99af2f1ef056e0959e85de57

SHA512
b682c749d6f2ed56d69ff4f8520899638fa6f436b2af8241db686ccbc606d23d4e77721222ab7ad863336d5e5aafa1033b94f550198a1a083af5811ce8dec004

Download Submit
C:\Program Files\mitmproxy\bin\_internal\unicodedata.pyd

Filesize
1.1MB

MD5
cc8142bedafdfaa50b26c6d07755c7a6

SHA1
0fcab5816eaf7b138f22c29c6d5b5f59551b39fe

SHA256
bc2cf23b7b7491edcf03103b78dbaf42afd84a60ea71e764af9a1ddd0fe84268

SHA512
c3b0c1dbe5bf159ab7706f314a75a856a08ebb889f53fe22ab3ec92b35b5e211edab3934df3da64ebea76f38eb9bfc9504db8d7546a36bc3cabe40c5599a9cbd

Download Submit
C:\Program Files\mitmproxy\bin\_internal\werkzeug-3.0.3.dist-info\LICENSE.txt

Filesize
1KB

MD5
5dc88300786f1c214c1e9827a5229462

SHA1
c4dbdbc12926d4d52c9156e690640f372615c234

SHA256
3b49dcee4105eb37bac10faf1be260408fe85d252b8e9df2e0979fc1e094437b

SHA512
b4194f6fd9b424f15b2c08b18373cd605515d6d4f26238ab039e5ca7bd7c0a528975118fb9e5c3271526ff3092c9c5dc65dac4b65a2fe08a33999329703618db

Download Submit
C:\Program Files\mitmproxy\bin\_internal\werkzeug-3.0.3.dist-info\METADATA

Filesize
3KB

MD5
1b3faf9df18e01e2990196729358c857

SHA1
29b012e9d6796da81560a1a0533d55fb6a4d6c4d

SHA256
aba77009f5167f8fb4145724f6653c61f732d831b6f535ca1b7bb4612b28acb5

SHA512
7edf35ace5f1fda17e85a34daffa9bcc83c381242639d92c45774b0bbcdc0785e3d828c3a56d12d16997ad4e2dcabe8d413ca4b59e624eb0e1ee6ea637ab16fb

Download Submit
C:\Program Files\mitmproxy\bin\_internal\werkzeug-3.0.3.dist-info\RECORD

Filesize
8KB

MD5
e3dec2859acc4b24edf12a6abe10f38b

SHA1
6c4aedbae073bdfb95815ab5045042468a62e2e2

SHA256
4405cf4836dedcc2ef63cbec6030d851a7505200e640e5006c3e2a0ce1d7a54f

SHA512
69a01fb2a5e03d6438764005f3e58c480392cc37c2f04343f62e8db7c14ae5f4300520c5e491c5fa33523e63337c0aea9572b56b9d781d09d3fe2e0d7b593fb1

Download Submit
C:\Program Files\mitmproxy\bin\_internal\zstandard\_cffi.cp312-win_amd64.pyd

Filesize
635KB

MD5
afa2b9e9c7153750794acfdf4bd0e416

SHA1
19c521d35dcf6bc1546e11ece12904043be16fdb

SHA256
14db1d573f7ba8f41563bbc7cda6f1a46e5f86c1b7096d298593971a0b1c6c60

SHA512
38e2ec7f45c6ac7cbc0d5ab7ca94ddf47fc72067507d699fa32f42aa8a4187579724645e45042929140c832c83457011ef83914e397d6f8713a6e018b2823c6b

Download Submit
C:\Program Files\mitmproxy\bin\_internal\zstandard\backend_c.cp312-win_amd64.pyd

Filesize
508KB

MD5
0fc69d380fadbd787403e03a1539a24a

SHA1
77f067f6d50f1ec97dfed6fae31a9b801632ef17

SHA256
641e0b0fa75764812fff544c174f7c4838b57f6272eaae246eb7c483a0a35afc

SHA512
e63e200baf817717bdcde53ad664296a448123ffd055d477050b8c7efcab8e4403d525ea3c8181a609c00313f7b390edbb754f0a9278232ade7cfb685270aaf0

Download Submit
C:\Program Files\mitmproxy\bin\mitmdump.exe

Filesize
9.1MB

MD5
7a7934599612aa006de2bfab8d41e3ca

SHA1
a6443b58a1fe87a0a0a40bebfe68fd447575e36c

SHA256
b19df3b947cf7de848948ee87aaf3ffb64ccaac2c8d09792594b552ed5dd862a

SHA512
d20d8d6b59e6e0f60f4491bf6ce17acfae578b51986adb0c374b5139f3f6afe4c4df451785085ee08537a6f9c2596b3f665c629083cad8bdeada745c1c18ff04

Download Submit
C:\Program Files\mitmproxy\bin\mitmproxy.exe

Filesize
9.1MB

MD5
fa92a4ae01b8280ba9d52a6895093091

SHA1
0311a70b75eb98f5def036e8005b9d60bc63c985

SHA256
7b14d843f9171081cce8e395fa99c1017aa4617dfe07760c5eec346f09190051

SHA512
166328f2ca18c2409708126100d917800c1af3d00b823ad951afd007efc70ec70c266a3eee898765dea3bbbcd6710005562146098acc85fe0e7c9b0fe37c63ee

Download Submit
C:\Program Files\mitmproxy\bin\mitmweb.exe

Filesize
9.1MB

MD5
2d9b61509c87afa5c4175490ab0d0ea3

SHA1
052e83d61b7cfe15a9fec2bf2486f7a9e5d66801

SHA256
89dd8c457c9b1e0b911adf8057796fd65385e6a265b867154ccba7c2b6700b06

SHA512
4eb46835b7842b10cb366c882fabd678a3bba5924a555d47d9ca3bf7ca354b36a50296abe605d44e98eb80b82e794ddc76daec36ff78f9cdd62f7a2193da7c59

Download Submit
C:\Program Files\mitmproxy\bin\run.ps1

Filesize
258B

MD5
fbc70af550d89ed7732b10d8a458b9ec

SHA1
bd452d8fb7742f4f49647c878431aac73e85f8f6

SHA256
718be30345992bfe55250007a6554b3265dfb9c354e35469b545a45a2a688c08

SHA512
110472ee6e3329ae13ed9cc09a884140ff5e0a973413940702d67d411087f1a9eecbc766d23bd21de04a85d5b67fca61a6d7755cbaf734730b909789db42cf22

Download Submit
C:\Program Files\mitmproxy\logo.ico

Filesize
95KB

MD5
0f8a699781bb4a5a204a467db88dd555

SHA1
c9c490ef62dcea49193aeaab23f15807e4327085

SHA256
ed040187e112545848bb115eb5fd16a85c2a0c89864bea5d930481518d05614d

SHA512
c2e23aaf4747ba011230527a4dce354c2326856d7288a9aff1f3796012e21f638757f6522be39604da0b73e583ab99aa3f0823a4d6b4159ab575203a5066ba22

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mitmproxy\mitmproxy.lnk

Filesize
1KB

MD5
525f90656f6b7e760b7ab171b5bd1de6

SHA1
06f261181a48f70a2a04e6c3e7de51fb9bad92ea

SHA256
f75eb8eb813ac3c704cb1ad171ae961113a5c52215c4f0259150ff193f8bd87c

SHA512
037b540532d092e6fba2482baab7f7f43137116f916be05a5abba5579f5b34ccd2e1d0017e24223d3ee7312a807c501f352cb21a5761a4a5f7d144bd9989eb30

Download Submit
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\mitmproxy\mitmweb.lnk

Filesize
1KB

MD5
f978da0760874b979f09eab2ba92480a

SHA1
2dd513861865aaf7c1e6cb4d8a3998674d902dbe

SHA256
22307be0214cd59285b69b3a392311d8f5f5acbad161c62b2240910fa15db54f

SHA512
e071f381088cb12a09fd489c3a95a93b902917a4f239b95eecb8e5cf3581b1f2ced85e6a76b5349d1c91162d7335f681adc518c8928310bc5d5150ea12b63e09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
d85ba6ff808d9e5444a4b369f5bc2730

SHA1
31aa9d96590fff6981b315e0b391b575e4c0804a

SHA256
84739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f

SHA512
8c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\694a6462-48ea-4704-ac56-de4a6dbf4870.tmp

Filesize
10KB

MD5
7eb7741e962c0919f3d7e39730a4de8e

SHA1
b486b54f63cd74c60280543b167e52f65b5b8354

SHA256
f0c8f6e1b56725d071375bb1819e772944e8ef40a5d2fdbb051106cd1344133c

SHA512
057ab86c6dc82b0d97637aedccda02e54de7ec1998e70eaaac428a034099fc0bde31fdcf888b188aa4905e821abb15ea5878a7d03ed84920e412bc8e7d5278a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
793d5df67dd2bdac5b13002fe6a56feb

SHA1
d7c7e4fc13101e854103ae0d372f6920eb1e6da7

SHA256
b89c6850b95a11456edd863216a85ff4f7d1b62941fb1f57ac975f821e7623e7

SHA512
0dec6027427b4980f58d5f5c15b2bbc8a3de5b1b65335ddea7656d0511d022e031f61d11dd18cb0abd2e22e8accec6433e6faaa00f4d7720a8d0e7b003baf8c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f86c4100387bf2641538dedb9e0d5b07

SHA1
549e86ba24375ee618183f4323bcb73672052cb5

SHA256
98b713daa29148ab8a183cba3772776e671b1a25b49be95f25b111cb97f24eef

SHA512
d9aaaf619d3cf2715858c3d7299b59fc9603693cc71faa4477bd9c05aa628361e40bcb1106aeab44ca812d4f983cbf50a7af8bc2a5b67a851f8f08b94efa26a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
76d170504bb201c007d58974b6836c20

SHA1
161c1f2a7e184563a79954f4a023a12c786f2b00

SHA256
51196b8a710f6291c32eeb4af7c299433174b989fe0d4900a6fe3f7bce519f50

SHA512
648bbd680e37566a2267ce77cd414f78631000d120bb092ad6bc2c5d0cdda7848fb63f89bd5120ea58b890b586099b884eed173ed47b389c4c7b10da39267545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
51422a23df82a3615f25cba50d79ece5

SHA1
be25a38a14db98ebc88b5713ef69e012eabaa212

SHA256
358c121c166ee7505e1775978c13c3091abe4b2d4bab37b4ebfea7f613cc374c

SHA512
9ed2da40b74423510373090b392674f49af781dd08a5bd727643b3b81aec2335b7796f1a0598eb666d7e76d0b220a4159174bbc1d3e96b3c3f6c706952a79fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aa8b2fef3928138266b3cb38a156b764

SHA1
3101fa28fa2219188fab8c5e1e18b5b0e70043e3

SHA256
c0cb309b112cac1b4610baefb6ed242bff5ed496bc367ad4892d56022712e8e3

SHA512
f2fe1e6003cfec47afd52e5272a4b92fda738ece73801557320f486b29de5f6ab039abaa24b02331ffabb02f53974d7e6ab7f5aa026948746cf8099ec4e79704

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\826765a3-ae3b-4c30-9544-8f06c167918d.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
891fad8b01368422f45e4c3799c91f4e

SHA1
81d363e2bba341f89619e5e46a53f3847cf0edf1

SHA256
37e886aff00fcd36bfbcfba4d3c4a7078fbd747b1266b045077d7599379c0894

SHA512
bf3f8aca71c3e0b480d6eca24d434c2692cb5c1d805839b4648c8ae25939994d5c7722d6761dc1a75e84795856abba43c7b0d6a06fa2e9511b74e8f404c8ba28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c134eda1197d6aba7498afd45f07a0a5

SHA1
8df124c0743455821ef481fa36ae56d2742a8dc4

SHA256
433ba948d5a59979cc043512fb2b30d5da931ba6ddebcfc3923d0c8408ced855

SHA512
a4ab1076160cd8b29196024b74c91df025da43f3172e12033dbf817ec5c92515ec42d665d29e2ea5c01eb0935782e3599f6e612f421fdecb80ddab4547b1c9d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
29KB

MD5
11d6a02cb64cdcecc633cad761c6dedb

SHA1
7a9cd7a2423b3a650fe1ffc05d72b1336dec4284

SHA256
8de2322113b2a4cd1d50236a2fcd14ae7510a0d42bf27cc0270a87eeea54832a

SHA512
4c7a404bf34db313a5a5d74f6c63dfa72327008c30fab5264a7bdcaf0ea1569916eced1248549305d2a9ec298194fdb1e5c3872c72d6defed2a383a30868108e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
8c17e6023e24a79d0d75aa7db7cbdc7e

SHA1
24d97224c4b6502f21a256726c9bf25a9a046746

SHA256
9798ba9ee267a5c7020954cf1db3cb0847ff43ce9cea1cc60f07ac3a054d26c1

SHA512
6ebebee7d466fe7ceccdfc8bd19134f49f0b3f92a8e03925650de0d73b40cfb6cab4e70a72e5f6fd2515be55e20864e7848e1a29898f6a527bf48deac44ac07f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
521f9c1cbda8c09a10c76dae629a5c5b

SHA1
5800f42046497e9c73f002d39c3a5c40dd6c13f6

SHA256
33ac8f937883486c906bdc9908249866354ba45528a9f0cd9fadd8d0222dfe5f

SHA512
66d2e48e643ed189e35e320f7fe2af2cdaf844fd25d803842d3a57fbc63e9eb0eecc10b211667bd6309b578f6822e1accdc07fad0106a2e5785ddaf611621571

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
62f0821ffb1708d7772f979bd2636d55

SHA1
4ad545da6dda2618ab74ece4c51a89070002c5af

SHA256
8a7d1a9c82b833d2fa9cb94e49902fd2f56fbb18d74e2396ba434568cb4b74c8

SHA512
40810919f816f12528e2f2d55f351f4a7761aea4a20f9d46b11d9aafb5c882d972ae0b9577fae6ece0587789f165f517b9a63ef5e678da21d2815a0e9ae5ef00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b97b1b333f6fb3cb814030e03d691acd

SHA1
49acfdcfe3c65c8400f7d01077be855d8d929530

SHA256
94ebbb2217206985b663f3bb6d3b139f6ef244be3961155bb1eb62d8bfe549e4

SHA512
3b5099840407ade580d15fd425a2bf6ed430fd433b15c3e0943ce58b84ff93f5fdd2ef35c319e18d7d1e75b7b39098880fcaa238d6459d6efc364b7d64b2dc2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6612348cbf657f3e54362a6ffe706272

SHA1
fb8fe24d8f060632cbef62bc947f5c74c73195e3

SHA256
f73b47a1c074e87a9a4ff9d46ec107c261d8e7563006bb3316890bcd4a5b497f

SHA512
9cf6d424577ba4d1f3991127c4461d505fd80612d425391eae1e0440d7ab468929201a6fc1ee8646ca4e018df0317e304bcc751a02a345c86523508d131a9180

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f4f30cb7a77f82d5064e5141b99a8771

SHA1
56fc93953e2d67cdef90414ff2f7083d780b7993

SHA256
e2e89b4b181132b89e3c825bad9b19a23ce72eb2b7b0a29b544f32e63d1339b1

SHA512
9ebacb844b746695870d4df235048ff470f61b16ca38a991338f50607a56da8da643e80400ddb3c825c855a59df61ccf6c513292063aa656aae36e03d216c87a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8f10ccdaabccf6110533fc56741ea05f

SHA1
7dde75cea58eeef2b7146ebc9008cb35174fff13

SHA256
34bd32754f8cfb56dbf04f465947b7c9ed163938dd3030c1eb09643843059a4a

SHA512
a20d123639ca98cca71b7bbb8956cdfbf6fa108b752fe59c446f3c410f9a4ecc4585a5b3016151de6e851e468e4af85efa7ed10dbd0f97b088c2667824acd146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9669cdc5d911307f2be03864300fdb4c

SHA1
39a676007a7294f70866a3e8daf77d743da88bdf

SHA256
5c99d5322ff38cd2b0a189c480331cac40b563e2853338367f089ee95879111d

SHA512
4a86aec50767d3ac2edb25c026e9dd7b3e0cc5ec31626419e989fab75dbd3fa335032f5ce453314782f3d008b752cf331ff61797786cbc16fb6e3760707c276e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
73171e8596fb1ad143f9af3359b95c51

SHA1
29fe4559464359e657c607822cdf858c942b40a0

SHA256
d2a568fbeb8585adc9dab9ad988030cdf20403a97f00b7700cbe92c6902d4b05

SHA512
f5eb57e551935ba270cafcdcfff768b1780885b8c213d8ab4ea73dee349b07ad0a18748aa2de9e7b650fc9c45a843d581cf4fc6fcb9bc259c9b1c7efc2962ccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7039866d292b523173eba15504ba02a3

SHA1
b34b686a9276fe39d5dfe60516a286be6a4eb6c5

SHA256
58b871c0c5c1088d744666ca867abe8d660ed3a27d3fcf1719f9969307f7db09

SHA512
737ba8f52e5ac6959b1bb2bfc1f17d57a4240bbd9f3041814e338fb90220fac9cb106a875f591c5bb6921687ca297d36d72a920916c4dede17633000f02dc707

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f423d6f12372e77c84f5fac560c5b5d8

SHA1
bd4279eda390a7d864e0b20f7d9e07c94455ed6c

SHA256
3190e7b11f1cde34dc85d5cfb0919027b9ce03828a8a7d03278b8bb63c3635eb

SHA512
ec306e65a20d8f8d93f046e72274a11d9d35785a65282948136dde6a3986958e3fdda608b8a7c5e2575950d1d05bfb97d74aa6bee920b329c388f850fe95340f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
affa90bb409198478a582751654c1901

SHA1
ec0d096586234227a4bc295c3070d73c887e29a2

SHA256
ee16cee096099b0c22fca9cee9d29c08021a3a2cbcc8344e034994ebaaf5418c

SHA512
68d80fdd363acc7e2f1ecf6f8520677647e0de7ef91d5288e8db100a561e94906639fa17ace71d7396567c24125572dea2fc21f25e55d9f490de335e72de37f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0d1128d801dbeeed45238720c85d5e64

SHA1
725b3cec9cbc52ac32078015cfd0c266b1c4cd0d

SHA256
c984232643227c32d4245d54bd17ab3419e7968dc221c4ade2d333bbf1bee44d

SHA512
1d0bc97071d0ad1c13c2d253d72d8809b23d4b14a036f97030e25832b55f63ffef0f3098cd0aef610baf5b9c66391cf87fa82c1e482dbff49e77a93825aa5a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
8bf47da6f1a0347f8459913cfbc87a62

SHA1
7551f316bbb671688b1d36250613773d7302793c

SHA256
79034040b8489c7a55b098933636a8c4998432d5aea37b5dc5347e8dac7260ec

SHA512
562d215642facf16da0909684ec3bccced0155b07f16130e3bc0c71c00dbba0273e4026370e00470adc31e544c7396c2fa9c0118d411516cfe3a9c3fc4552324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1d68fe5f50aa0d2e8ff6c4295d1a81e8

SHA1
a519443246e42c5533240efa8e4b51489b6c1370

SHA256
30357f8d9725713fc54498cedbaabf08d6f735b08480a45bf0f2478a1406df04

SHA512
7b7e5746d086fbbbc47f5fac2589bcced33312ef01f8811b4264dd6eb0d7b61a542ccffa8894eaa9f00d40d7a370b2b1ee36245a8452b3a65d213c969dc7532b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0ca05cdef807a370160bf4a0afe8806

SHA1
04c769dba27f4e465a2a505abeb13524bf19c4f6

SHA256
a1dad595450a612c9485ac5560318e51936e62c5936b8a7a101941f453ba2624

SHA512
c06c0f449e13bba960d7c630ab3411588b0c8fb298330e2b70b561278206193e79ee7a07ac77b5233b50a267fcd8ce21537f1afd9d1b7d9592664d891760c1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
54bf68a162c98f0a53dd90658a8259e6

SHA1
81be97a5c630cb60e1cfd872b0c21c7e23c44e28

SHA256
03b03ab9a98406502cb2ed2f1cb9b2fdcd5632de43740d5289bea1e11edc4bd7

SHA512
face3673909626cdeb6a4b8bd51acb0f4c4c3dbcea628ae4cb6a09d83bdd9f357352f729b888efc32a92dfb0ef2cfe873541d1f43fde00b088223d69c775f855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d1812f922a01761479b86bc7593af603

SHA1
c643c4ba00031278ebd904133fd0a13bb3c54c8a

SHA256
b4c3e29c4e6fc5eae4a54d97dc286ad30b215b9d916bf161566e2b8f056416b8

SHA512
f90b87fa69141d0abf6556303749b55a00b9be4bc3b43e8601e042a21fd647b2d0cd96875963756e4e3ba3727b96d19a9d7e63610199cbfbc123949e2c0ce930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
646ae7b20185ed699499a454acd1a41f

SHA1
400a3e7ae8efaafb4e616d505db1e7d4092d98f3

SHA256
664ac6cd4d86ee0d2ecc93a1fbbb2db7e7b48607690c2cb5917b8398a15bf317

SHA512
e1ad44e051c95bd9b65735228ee6cbc787f6d84810310d546944bacdc81e9962199b601af102fabc79e4483c42cdc3669cc6cabe111bda85717e34800cc49cb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ede60f4c57a5222737eb5a719bceda23

SHA1
0c302e6b0e1cfd98529a6f7c2b139a670fe8b5ef

SHA256
a58c702af0a23fee5c75948d7354aa1aebc91db1eb61b3439543a4473f666724

SHA512
9cfcdedfeb9a3141201a1c36fb1c1509b8ad3c1bd885d5566c6ef029dd9bc011d6ae62c33572137d2d7f4898715069e418fab64456e3ece29310df34dd316949

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ab1d9cc8-b522-4542-9660-72920263f8ec.tmp

Filesize
10KB

MD5
e95e68993bd83ddd9acbff5d300fdeba

SHA1
36c6345b7b40168f015ef4a60789f228284f5891

SHA256
8f8377ca2b26581f0407ce4ac31cd7624cc4875c67b4c924753c25ec7d53c376

SHA512
690231fd99d2a2f4e0dea95722cf368be268ca8d2d57684d7d577a5445f33bb976cfc34d9b06cb7b304410d68cd841cdbfde68b06c7bf8d6244655b3429151ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
948B

MD5
c1a54dd5a1ab44cc4c4afd42f291c863

SHA1
b77043ab3582680fc96192e9d333a6be0ae0f69d

SHA256
c6dce870a896f3531ae7a10a0c2096d2eb7eb5989ae783aefea6150279502d75

SHA512
010f5093f58b0393d17c824a357513cf4f06239ccddd86c2e0581347ef3b8e7b93f869b0770bdaeb000e4fda7e14f49b9e45663a3839ab049446e9fe08ec535d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
6d42b6da621e8df5674e26b799c8e2aa

SHA1
ab3ce1327ea1eeedb987ec823d5e0cb146bafa48

SHA256
5ab6a1726f425c6d0158f55eb8d81754ddedd51e651aa0a899a29b7a58619c4c

SHA512
53faffbda8a835bc1143e894c118c15901a5fd09cfc2224dd2f754c06dc794897315049a579b9a8382d4564f071576045aaaf824019b7139d939152dca38ce29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
944B

MD5
a7cc007980e419d553568a106210549a

SHA1
c03099706b75071f36c3962fcc60a22f197711e0

SHA256
a5735921fc72189c8bf577f3911486cf031708dc8d6bc764fe3e593c0a053165

SHA512
b9aaf29403c467daef80a1ae87478afc33b78f4e1ca16189557011bb83cf9b3e29a0f85c69fa209c45201fb28baca47d31756eee07b79c6312c506e8370f7666

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
a31d58023920ad61d85cd0bdb2ac91f6

SHA1
5af589150146b2afb5086d5df09bdf69e423c775

SHA256
0d29fdbe6b1410ee4b711a3cb41e7c0ff7fc2a775847c91b0333945f72fbdec6

SHA512
96c62c15d78e553b7517af24bd33eb8a56f121b8744f2b8eb93ec27afd54023b9ccc4174c522f7e92916bb0961b9a7271332188afc0685d910df3db6252cdd1d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\activity-stream.discovery_stream.json

Filesize
41KB

MD5
e1afb3848531a2fc528e615f9029af90

SHA1
67f7d640ce13856426356397695e9684ba39c914

SHA256
f3ae82951bec6b7386925a76dcc324058d8e749e4837255364b16894c5cc8e2c

SHA512
b5e5e0e6832dd868bbb6e7db6790fee60233c95707bd2689342cdd3bc565daf3faf51b267ec4763e49f7dfd23ea7de16a6049558d5901a543963489a19cb2d5e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\doomed\2547

Filesize
15KB

MD5
64d6fd5e04b7adc197f77a9bee5317ab

SHA1
d30cd59a9db3f132b4fcdda650910af15756ac4b

SHA256
fa9f451e4971c5af63f4ab41bd31a07324b9d0eeb96eda0775d63493a4980889

SHA512
405121b1686be2f713bd07e3d022990d2b48ec7934ffe499d372fd2472077fbc4d43beb689753550be21ece07636a22d2cd24a5eab541c55a71e04320883fede

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\050DB43D78BBC79DCD9ADCBAE96500FE04597F1B

Filesize
84KB

MD5
cafc110eb586b3615ef6f3e68ba0258e

SHA1
40ccd9f7f6999247ae41f89148cbde3495e2e5ca

SHA256
9051513476ab3807163058f608f53b12dc1766e4a541d8dd0d18bcddf3545bd2

SHA512
9ccfab88b902bafa975769edfddf4845f976c605c8ebf2a5cb6dd82f3034bae4600fb2e9baad360a638c006c0446a7ca878c4a66d2651a4d6d63c5cfe47a1999

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\05EB7F6F7BD0BA633716511CCCAD442933622565

Filesize
13KB

MD5
430223815466d7af7b415b0235664a5e

SHA1
1b299b9e53c6374d8dc19623c3f4a91c81a92d11

SHA256
99cff5c589acabf1839bf2d0fc6cee0b435ead1bbe5eabe2fd1461a68a568893

SHA512
46700ba23e6c542d4c7650a63dcafbfe4d04b57b35a03332241774b598256950681a5fbda5ad120050b7f753c90c2c25fd94cba899d9e4f2466d3e76ad00acb9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\09B6246573F821C7F14839597D0E748260B9295F

Filesize
13KB

MD5
a21a12da1a56dfe53b89814d541d31f8

SHA1
4effc69b647ff3d137c0ac28c2574ebc40b17717

SHA256
0c93cf03e808c1d5a83116c972d8e6b6b3a2f3cae0a612263ca65bb6f6c5e33e

SHA512
18bb0088fb32980311f704dcc6b1f5c474de487c8b1ee72a4b670fbeb925cf29d63100d505de9ee468e4116cbfc634cf9492c869f00d1f5c85d1a4cc3fde8ce5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\0F84FEC3E059AB996B4D032AA8A13BAE9C0F0F48

Filesize
33KB

MD5
07801178654412f313869f58f83e4fdc

SHA1
741ce0166f6b35aa020c1580fa672bd9d5c3cda6

SHA256
4f3489e0b8cd46a9ec76d67ba4b739c93921447e7e916d9dc172a8f9bb033ea4

SHA512
56bd924a2cd989a43e0751036ee08fd20fc1020e6530a9a10fbfaaa115eb0ace823cb213712f2b73e1fcb3ed9edd0a711a49ce5d7256e81dc98ee48cc7e8c255

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\11993EA3BF3D355927605B079BF182BDF694A9FC

Filesize
13KB

MD5
7c989a2a97bd6c285ce4619bb43eeef0

SHA1
7db269fc22a2dde37ddbeeb410198aba90b0f081

SHA256
ed0e4370f0a8a70e7300c43814cf7ecb347c5b13f320b6c5aa64765aec5f331c

SHA512
bb0d3443f7fe691da722946a2cea4691fdf79b3c7c4fcae156a84b4393b737758657c3f357bbd4320382a99023e6a135b0b6632729c9299c0edcafef48b2dc69

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\159A2AE44EFCCAC6BD4C7B82E6022667F6231C54

Filesize
42KB

MD5
797dc9c7c008e3981b658be27ab83ff8

SHA1
c74f9c5c5ca0f3b17b6874ebc228f310777b2b0f

SHA256
92bf3f1513f6639c33cbb349a600c361f81dd727dd52459dd1d18ae52be835b9

SHA512
cbe51f80556ab0d54552fcc07144dd431cedfb46b4584bb7f201395d5a1b15559fff11fb92ea4686b0abf82cfb5188ebec3c64e3d437d9db550b7e060163232e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\1AB33D663B69F4F748A08F27D06DE9DC07B327E9

Filesize
53KB

MD5
7965bf8c9f4877ccd2c2afcc9d066af8

SHA1
f5559037600f175d24a625140b069224d07eafe5

SHA256
38fd22071ead4958f867a265a99e7bd2025018031c9f1cf3cfcbc8028366b87b

SHA512
8c6e2ced44ed341600b55e070c879ad821098e41f5f7bc917c00fdacdb32c66306f9043b1bcf40f743b5b032cf556bd84786786416548fe9d372a4b3633323ec

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\2B61971F12CF060DC441BEA2850BCD7F96F1A804

Filesize
15KB

MD5
d873876724ca869a1151651ca4b8c74f

SHA1
66e19d8e5f4654b1f15ffea7738d2f9a4a409974

SHA256
bce74b56fb82c20e8e11e73e53c8c8d9ca7503bbd9d673df7b08a30d84c77121

SHA512
ceb080ca8051dde98d913ee8e181d7378dccbe84fe8e35c433443fb49469de3809a7ac24cf31056898c2118c53b4533ea08de0a8f1934ae57c0ce792d7c8f194

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\36BCFA23A4D04A528CE70EF12214E3995E132134

Filesize
33KB

MD5
11316fc091fb589f8172eeb8168345a6

SHA1
5e5ca7a6bcbcfa34b34bc1bf4dfd9df9617a57e7

SHA256
72c6d65c393c1f5746a2b7f1eda60ce4a974f644f346afadea35cb904edc88da

SHA512
c8c27089aeab2f4a35efbdae4cf082b6513e023b748c6e6f3c1de90aba38831c98fa8746efe6c1dae9748e2ec9546d54066aff1b2a8bcd4dc8cdaf9b8b590e1e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\37AAE6F2172EBB8F25AAB227C7FE49403DC4BEA7

Filesize
16KB

MD5
bfad99b616c96fbe7ed0ed3c8d7ee963

SHA1
53b279fbe962b434bb4b85bab7a638384d7e58d9

SHA256
ce3032645b8d619df251aaca8e0b3d3020b2c478744030d85247843a471c2fb0

SHA512
b3951bb6eb8f9f162ab00c99e29cb1b963172b3a27a08651e2f3523aa2eee3f1f1de06d68668383caf18b850ac5d0856d9a6849262c1d3783477b447d0a68e4c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\3B9C0557257282CD5F41471F9C2DA8856005FB8A

Filesize
78KB

MD5
36ae77f2a55aee275ccff50d611a9c9a

SHA1
0514309024bfb3beaeb69d3e9e4b6950b3095049

SHA256
2fd780f167ecd4b0d1165b32187cc735e191352c8a2c0dd4da9d4564c65fb87d

SHA512
308c422b293f7c83d34369aadb8d864cb0bba897953c427e5a687a544ee275672931ca7d638a6b54e4aa3b80137676eb429ebedd3529b9ae51aceb815c096c7c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\3CC64668187C540A26A18501F41B51C0CD662225

Filesize
22KB

MD5
bab0daea7f60cd2f09875944eac6c52a

SHA1
e847e42eb6227da570f230dbf9257c1c321d5ed2

SHA256
fc7211a1f29a779e9faf7236311fa11931a8513a5d01e3ca033a9156df28eb04

SHA512
ec4215bdccce149f6d4b5db3b6ae40c2f3c3781b74f5d7882a7be7bc110f10dbe720d03d9e94822b1396038ff6a849c25edb05e1a9a3b457bca011aea8e64a96

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\3CD97724EBF47B50AE59221DC942CCA5EE96ED82

Filesize
29KB

MD5
9feca13350516cbd438b76a91d0ea18e

SHA1
4bdba207e33e652a974919224e60039d0a2f4069

SHA256
def4784dfca8f1d99104cb4255bf8a324ffd8aca09fb08341fe3c08d4d224c6d

SHA512
faef5e1dd01188ba622d88e5f157f5046a1b90e2f5719ded39e07e3b07e4449842a149bffe2d637942c393cbca3488e99e444be819df9326eef55f2c61d8938a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\49E72ADCCBB609E9BCD1585BBFFD7E5B16C3182A

Filesize
13KB

MD5
51a91eb506af52542d64ad6f133159c5

SHA1
68ea54a92b6a948b40bacb64eab9c9a660cf10df

SHA256
6d0a729ddf38683d1a4832380fd728458682aee0e6cebc3b1d6897abb996159c

SHA512
04354d2a2ed8e6b29ae62eb8bd6a82f68602cc8b81829b2930fb8cc964534812a7f92befe0da62bf033dec35e09a6c869af3cdd39d38562df02d822f44bb3082

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\4C11E373FD9A73A5E61FCB5291518B290C3C15DF

Filesize
39KB

MD5
3997434ef755be7f7370ca4898b9f72c

SHA1
7ba4edb189c42594944698b81807f13b320c022f

SHA256
6881983d76f1805a48352ca2bd65635de6f795d4f8fa21eb5f1399e9a918177e

SHA512
e46068b59a34dca24e8205421f5e552e6b743c3015741efce3074444dd560b86df7ac473bf894b4ca842ea92cc8ca95a187424c8ca9732a4c6d4db5853dd5e9f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\4E3562C55341939E493011A1EC297C2A4CAF51DB

Filesize
13KB

MD5
e5d1a98f5fa8b5d4ebaa0a4335c15ab5

SHA1
06cc3ffb48861c9c4559a0c87dc1b77e7b11b1d8

SHA256
66e83dc07e4238e77b395cc45befc89bc9afc6e0540cfb81d0273b3741efa6f2

SHA512
75c511bcbd1c8c7c984a7de46f1cf8f3e0c77c4ef270d9a3bad1cbbf67010504ac61f7a74a3084f4f4474b5177fa230dd69679c9de44f4947e7e345533b2da9c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\5358ECEF685B17A4D6173FF9BA4565B8A7A7C051

Filesize
55KB

MD5
00993f68c76b53569d3450b6626b9430

SHA1
d796e277a3d7323847ca4fc50aac7a0f3a99360c

SHA256
1b7fb29d3805b59778bb38b98214cd86a20358e81719664df1b039a286850639

SHA512
22762387af9f5a49e3116344226ea4b9851fcf731914fbe7e75444a93d0c2586115adbe2955677a832805afff0c2efb6e92641ca64a9b52de8d9b33c30c24447

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\55E5E6FB4DA0D621CA2B27FEAF7A867987DF935E

Filesize
13KB

MD5
24f97d96d083c345d20bd41706273f6b

SHA1
130061f816fd009872e54011c86c11241c5d6ae4

SHA256
09c6b0304f5771d882fd426ec5fed1a229486fcf810bfb4e60f930cdcc228d0d

SHA512
8c089b715becd0b8ac9d32e5ce26ac6e8e6bfb3e2381467242a0350978f963e49eff9ec96cb9725d82f40b9428a13b74e95bba8d8a4727b459911c5c53e985c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\5759696408CC362AAD43661B4E32560E15A7872C

Filesize
18KB

MD5
ef36a2e81ce02220ea82347b1cf82cf2

SHA1
88222de4e6eb4d3b1ca0c329be16a23ea5189de4

SHA256
7f60bb2ba2c6986f3d8703a7771ab4bc9c4f39db962863139bc840bb831ae7cc

SHA512
1770624a54b5cabdd88e61e6485bd324f8faaadb5d2d48b15a98ca4fc7c27ed14f27472a1bd4277f98471f9b0f6c0524e4f8f4f0fa30e31d5a63935019c9e0f2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\57EC2256BCC7CE90B4861B8DC8C057030B2F962E

Filesize
25KB

MD5
c0fd97fd4548adc05cf1aae5e740d0ac

SHA1
e083e9842f3af58a5a941462c2787c652a2d2781

SHA256
0bf25870e76b85602135cc3fc498ce6c135413c858f390f99f6c36c0afbf87af

SHA512
55fe383cae4b00b2413a64852d6c22043c7cc103d7728121b87106502a80c37fa542ff8a645174c4560e0119bd78a419e1d9670673b969305860b04a4390d23c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\6B995C7CA46FC5BA0EFF9F15DA86A8CAE4C276DF

Filesize
13KB

MD5
ba4e44673a34647f6cdf511e5ea264db

SHA1
e774546077534bee876ec19d39da42b6a13f07eb

SHA256
6b771579802bb67ff2cc4f548fea89181be72f97838a0ecf554ecde7d54e1905

SHA512
15a7afd8ea56877915d32d1405cb0f06ac02ae784d8b26528814fb1de2d082c1dad9582d53edde32f704a8364ebdd0d0bb95d13ff1faab582ee83b78dc5bfb8c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\6C612373FB8D2BFBF83EC52C90C37DC71BC243E5

Filesize
14KB

MD5
46b9846436a53eb837866a409e88b460

SHA1
1ed0f4b46b34219a4ea675171e2cded0baa06dce

SHA256
85a1c0abf561636630e7149a3fb129ec3039251af522ba1b2df81d21a919179f

SHA512
f3a88b3c6e190b9680df4c36780a71f7ff40dc16bb59f66912482d8516c563111abfd407790d4655318ff9eae0389a8b03bb7dcc963546489d03fe27d29f3b60

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\6CB9E32D9D779F95212191084D377981BFF6B80D

Filesize
45KB

MD5
fc654c7311dc869a714f1795b2f82c79

SHA1
ff5b37d58b022988097d965432bdd2235b2e5242

SHA256
7289d47e1f25a3e065ac28ff95cb31b88398e28a90ae14239ceb102d87099a15

SHA512
3c0650fe286294f657f4f4aa7ccf92d54ff6ba60ad6f1ef5ea940f43c01a8bb81207f1b5cad768203506a2070eb9fe123147d109e59056890dfda48524c4fb0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\6E931E334F0199C6E1642D7D42B0B2D2EB5C6B27

Filesize
14KB

MD5
520f6724147d75ee092ef81dc37ff9cd

SHA1
ce35e16a611ade6d91d5579c26c6098aa8dacf5c

SHA256
666332501f5d10cbcaa98425c7bd1349a55daba31693db2e1519b9483f4a4f6d

SHA512
b671008752f5fe9d925247e781ea444ce9444f109a521b2a4f1bdf50c9864d4db12f389759bac85397d8fa51e27c5dd0ca34c7b5b5c0ff1fcd3dcf1b592b7f76

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\739025F062E977A263D0043D9E01EE529DEBBEB9

Filesize
40KB

MD5
155472fa32a21754534afeb48e9dd131

SHA1
995bb7f3b0e3fa2108c7a3dc9be11d3b727920ef

SHA256
df4b9e3be74add230a01d0d145d1ddc09774b8cddff499606262541297bcbed7

SHA512
0a05851af20812e4304d5a4e369dc15e082e89591ec1ba980df53582b9c327fb80a5aa37dfab414a3a8f642b08b33fa84ad39a6b0e57a46667030fe89cf8cc61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\7505C2B294EFEF808B30D034AFB6A215F17E6F38

Filesize
26KB

MD5
5eb034b91e8a40a08be9765fcbc8d7de

SHA1
818cb36d2c8ffe04d37d1528016e6ce5a43bf5b3

SHA256
3203f2b05cb44f03cc9999481e66a9bc61e077917742d4bc1ccfc964042b01dd

SHA512
08a67532a97643b385c360d8fda41d5f3412d9c4378c1350451294094609999780e77d92daa226293fedd9e20d80c87a8ca26c243b082c5d67695a58fb6350c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\7853CE5D0985738F793B864E491D817A9B4103A3

Filesize
21KB

MD5
cc87b900b626aaa2e49df7181324a488

SHA1
5b51b631ca13cf22b131e9b51d433d3101a718af

SHA256
999613456c4d5d2625d07745d9cc9442c0afbb6a09210146b3fe237a625eb460

SHA512
06d14ffd73b9c9076166cd5ba091609fdc3cfb1249411ea07be32b40381f55d834882912520d484e5290462af99eaedcd711edbaf4038fcf50863d2805d90f47

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\88846AC347DAD541EB5EFB5174602FC6A3F822FE

Filesize
39KB

MD5
13c68b22fdc695816cf75381d5553cf8

SHA1
e760704c0d169c3e56424411623ff310a8aaec1d

SHA256
2d73bbe56d10dcbb99e55fd405795105b00b214151afc566affcd6ea99b42d3d

SHA512
ba85bdacf46bcd1ef47b96190136861fbf49d8b8c10307caa76ef158d69ac4b9b1081126189d440b78e1b1942968ba6c3aa7f2788ceb69a733476d00bb278b6d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\898714A1436B6A8AFDFE851F1A4ED5202520A811

Filesize
61KB

MD5
8d69bbe609142f6a41a1c7a040a02f14

SHA1
9bec6fbe2c766ca4bb9f6f07be4a54f633d16b92

SHA256
c1ff874360ba6a943fe481c281e2fa18df792debe8615bce995cf19fc941978b

SHA512
42dba9b1b3f33e158b86dfe89fd692f05751ce99b8e88d7b3648b060430d5e87bcf58431e1d079e533689ca1cad53e43b45155d4d0936a01ab077809c1c55988

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\8D2CE4EAA75CC79AEA0DF94C7F0D05B8CB29C4B4

Filesize
14KB

MD5
00fd32a1801a19055f1e142118a09f8e

SHA1
8be600ee880855054b4f0cf4ffb4d824ac775f7e

SHA256
ac389dfcee3071d70b355f5fe0ff135e3ba0befe811e8d7c7ef3a531b7ec399c

SHA512
d4e3c8f2d6b930d8401a8236fdc6d3e2f1448ea3ddb22e19264f357e3986815840d96fd690632750f4a3906d41a27ecd916d7d4068fc28afd902f98dba241d1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\903E00CC0EDD76D57ACCBDEC95CE0B3E8C2B9C11

Filesize
17KB

MD5
c23d5862258c789446010b8a39cafb83

SHA1
2ea727727c7cd59bba8518d89a7fec5b0b248285

SHA256
e4e65f217bbca4c022ef82162367c9a5836d2a21f8308860559146d6dc050b03

SHA512
fe9540d08ea0934c05a9b06dbcaabe9b244b9d09fe0efc609332475f4c776cef766d8e74ced03865eeb7618b5f0b18dc182fd3b6cf422a3d02d01c3e5d5d42db

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\924F5866CE4620DF03DE95789845BD5455DB2BCB

Filesize
23KB

MD5
d935dce935e7842c6a1551d8922e1ec5

SHA1
a865273df372664aa4f8f62e0a4c2dd0d489700b

SHA256
657ef5ef6541e24d6efbb8bd21f0f8f231afe0f1b3cad25fd7485529b81d383a

SHA512
c2e08be32425f977989bee6970672c7d298860a568ab2cf4d7fe87a5e7aff32bfbe1645f333ce6e9d6cedc83deec9578b53c1b6889cd5aea3c7b7204d8fd554b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\96A0D2F1C4ECD10450EA183542E05ADB3BBB4257

Filesize
17KB

MD5
9882cb979a2106f5cdba072612bc5071

SHA1
e0d9c10ab1a4b5176355b75d80ac1ee383e196fc

SHA256
55a593d5a7ce38bb26b77c7e9c0d26a6174527cfca22fb416a64192838875de7

SHA512
bfae21d51ae8a498f83be3b52819209b98abc667ede2d9aa695576b8ba5a0a069d0917acb06cb621bc9dd8d1089bbeb0e3f0a5f3e24a4988b970ffb813899c33

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\9C29916B899C579DE3BA8409A772D155B031D381

Filesize
111KB

MD5
a1ff394b561a7ff7a2b1bcac0a162e0c

SHA1
94b1ff4c9b32e31bb7fd9298e74089d348faf196

SHA256
becc5ca3964381fe82ce87054c0cd37a40166db3ade66fc40f942ffb10e776f2

SHA512
a7a8c75fff2f6238d4755d3e19f20762ebffdace3ccfc24452e63fef4dbd693014a070b2b5f6621677c3830141507ec61ad8478780d9c9af95d3013d796335ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\A1E5C9524B11F620FD66E778F722834238EFA01E

Filesize
38KB

MD5
062ba9fd17ed38df597028fc5ce5f13b

SHA1
b1572d0d64aa99ca0517229e34920ae941b4060d

SHA256
66a12a4f276bf410b169ea2eb933be0c2f21bc2bd5169fe2fb5e99a730401171

SHA512
b22a24c165d03a6c4e0e179972be0ae40cd942cbb998286820881c5488e497944e56f69ebf51e61ff6869e27ebbaa5f0ba3835991b886d199ef0857c2aeb9aeb

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\AC5B4849CAB26A6FF5E0D69715FFD2D5203EA01F

Filesize
68KB

MD5
0ebe821006f3c5d80a625c7f0b429428

SHA1
b94ffe0981f9ed6a891a8e37d9bd17512acf0cda

SHA256
c98f4b59f64b7c323b84081294a5c4a5e33d99a5cb0fd40929b924936fc5bb00

SHA512
a665d30e19461a42d3781b1e1ea8206df6f9fa2cb3138c4936a5e93271cbd7c5fb32c2b084174223f4456c82bde16b189e47e23fc3d8efa78436615e6b39bc6f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\BE2D3D60C4D6C94AEDAA7868122CCB76EF5AA608

Filesize
30KB

MD5
5d8c6a94cef96d529a8de64fc5e78790

SHA1
b4dbe8699a85eed953db786fa2f1c02ef7a9457f

SHA256
80d40a1d26d7dfbb8d2d7d42302642bd407619993029e427a9fef91fa4dd33b2

SHA512
d4164c0386875750ce7339caf571f6fc38e030a3644c1ac690e8ea19211a1cd89c5582a84bf62215f89f5f72101323733b9922db3dadbf95c888c7cdee10881a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\C20E036239CAF315DF30D2CDAAC4F746820BB89D

Filesize
98KB

MD5
7901be5d2daf0068f311d7fc0f31e783

SHA1
fbf2e0eeacc7f77fafa5cbe3010b2ca037918242

SHA256
6167397ef805ef3932190ce3f12012726bc892baa127a2ba408913054323611d

SHA512
a5a3e2be976f46e0cc6349472bc86d859172807a655473574b5852daa0de78ca96d9ebbf6534ecc34032035e934ef27e4b6a71423b658c912a849fc99b2590c9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\C645E07FB13349931511405121A99A7F98419B72

Filesize
14KB

MD5
905a4401a1be5667b50fc18ae0f571a9

SHA1
294fed0e2f58e26b833656f2a7c5ca741d9e5c23

SHA256
7dc74a02df007c302447a5ebd1289a07022cb453c025a5ce36213cf2f8cf6b7e

SHA512
603751d26c1e85fd11f64aa05272e8b078ecf6e4079560388c78d39bbd72e4ffc30a01c7bd81a099a2bf943d468c46a9fc12a1dfef743f12955b52a0600f4376

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\C8346BE2A3CB54E99C43B824ABAC5F037264A4D4

Filesize
19KB

MD5
16df290a01c3f24db3f8cc45b68b380f

SHA1
a17449cff030d17e02158d79e97c37a62328d50b

SHA256
2c1a0e3ba4849e58b65b8b0af85049c6f903f5537b123c137a111b85864087bf

SHA512
11739e7dc95202efeaad35a2455bf144c1bf879372826e45f7c75a0fbe63721e766fc938729d66d82e0a1532aff0391ab3dcfdcbb8b563533bb24c96bacb1148

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\DA784CCDD74E697C1B9356166222C06487BCEA54

Filesize
16KB

MD5
af14c929ac9469ddcd0d352c5b0e74b9

SHA1
2193b97e4c7427b9972b7ddc780de8115542c5cf

SHA256
af648ff6becfa8d47a91d062729d65e8bce91b363b78b1ab23008e007cb63d8f

SHA512
d10919fdb2b6e8e42a3a3692ff8621293bebe46fbaecfaa734eeaff2623cc70bd8fa5175b274b2d093fb2cbc6e52f1ece58c6f9a0dcddd0f48ef08c54db28da9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\DB7A36C3E7F7DAD48CAB34787C2A7F576AAF7039

Filesize
75KB

MD5
0381fe5a86f0ccabc87feb18ae72634b

SHA1
b65771e41fee784407d843cc831fed486a5d6ab6

SHA256
732a96147d48f2c20c1d699c53e74325a642ce65e1757a749eab3ff965526b01

SHA512
96027246fa32d7cfc547289cf3afa3ef2bec024530006dc31334556020872935a61b01e8e34ca9561b2e1b7c3fa474bb6f4b43b778b71094a8d67931a055a0ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\F27E0CDCD1C7E6F6CED7F2BE71ED722173C6CCAB

Filesize
54KB

MD5
b0d4173c400da5cd50f06642b446b859

SHA1
b05cd8163f2f7a5254f0b76356260f2bc485f571

SHA256
d72429837b8f7788d11495ccd1625e6cfe379fbea56ea453f33e57f4c7542312

SHA512
68c4d9eded2dbb493ef439f929a1b179ff73de3d1e20419a7e46eae8a50512899388ac1b3a2b15e043aa5d909a26874c8f277d255730e6cccb22bfb7d53d2e3c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\cache2\entries\F8E23F690B0AE09D22E839B91BEBAB19386FC623

Filesize
95KB

MD5
4cf65c07a4f1235e5599ab86adb9b239

SHA1
e520b3e8e1b3d103e9a525bd823b50bb5ad88085

SHA256
16df0e8bdf419a30671125a4bb7bff90c6755029ebdffe378569f7086d48e1ac

SHA512
435711b37546a514889e804294cdac792bcf566edcb7ddc2e254d11aac2bdff2672546a90c727c5467c2cfb5e8bd05e4c9faa2b509548320043f7c798b8238a2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\jumpListCache\gOcgP1D8+B+y1SwiCCn98PtHAQVGB6trZkn5m9rgrT0=.ico

Filesize
825B

MD5
c268fe907c8eed41344d5d6a0a31eeea

SHA1
afed1ef0650050b6e781718850c87dced9ac3748

SHA256
9b7928c96d25b08c4a43b76d5f31830b3a9a5e150efa4ea61a65eb4e9995be6c

SHA512
4c0873bf462595b37b016ab17260c1a1836a800bd6d8cc2a292f9cce7f5c84821c7906343c0a2379520481a2a21c42e1d26f4bd712f4082f513c906fbd144cbf

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\zrrtvxky.default-release\thumbnails\e8b2236b2b9403601e6c97800659f147.png

Filesize
28KB

MD5
6d27144f6679ee9cc76c7e2c3cdd8f6c

SHA1
bf91a946171a333913ac3d71d5779a073660b713

SHA256
965b07cd3601ecc305339dbc6e7fe760b3b8975f9e0a5c728e2300f824991657

SHA512
fe59d06bee40b126790f3966e81b5bc88bc2ff5586b7358f8642f0e4a92d7cf7a1063cda7a9493a5c04c5838fc9c953f058adf27ca436155066b244d103813c5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408121216241\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe

Filesize
6.4MB

MD5
607fb47ad9d20bb16f90e4a38c93bbfe

SHA1
578ea8b4bd0bbd32114bfd61910118c3d9cfc355

SHA256
8a82ae5c857123cc6972b93828f3a6202c0db4d325ea6d5b1e36dcfb290c1e09

SHA512
23470d0aa5989132efa1fcd4b1d183374384e3b75249910c08e22d2fedf315f084028b7299d6f6c0a5230b2ec78179485d0f187d0a87f710d25f1eac81939e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5781.tmp

Filesize
128KB

MD5
f2f31d07b6e81f8ae4b80c9c6a60a325

SHA1
69f7bf5d3ae27a922ab2174bc7e7485b9c66c19c

SHA256
385d894797bad7ff9ef8180cbdb100a9a432df2c99563647458d6c32f10ae02f

SHA512
a4898a660e874b699dc3dc8d378c75a08603c884b06424f01bea4aeaab427fcc04e14bff3bd95a4296befbde153cc63036aebc01b5de718efe52d48dbb28f1d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR583E.tmp

Filesize
356KB

MD5
c3c4f3fe90e3b3b02bea0e8da3447ed2

SHA1
7ac0f54119d2273a2cd261f1fe6c5667e9c486df

SHA256
3524ec77985e390acf9d07d81b1b44305165d711bbca770f7458ea0a78751f82

SHA512
0e24c9394c635a3f1671a297f97b613e6936cd8f862a214125d3456324a18668ae138d5c4fde036f55e2b13b158e4cebc53f78153862a008b1ae747eab228a60

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR589D.tmp

Filesize
59KB

MD5
f62dd6ce51e19349ec1d1f2e88c4ef4d

SHA1
60bd29538b4fecaf527ba8b7d92b7f32d2e72ddb

SHA256
be88244da9faaa6636a9d2f4c4249c08066a0b48359690b9b27a2b9ed47e093d

SHA512
ba68a59427ec252b895e1c3d6879e0c7a010893d23b5a8687ce86d738faaec1367f73abbcf63fb8ce8b95d32afa3049cd59f22f0bc5a2ff2a3b123a54fe02012

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR58CC.tmp

Filesize
198KB

MD5
412c88f7f758f0f1e9e47671474f7a51

SHA1
2b92ab2b01f58302a04664c3fc1327acf4b86a84

SHA256
9857719f6d0dab7eb1c4080c0eb1ae19f15d9e5d547be91f12201071fae1808d

SHA512
95cb311323dc40f252612592a3e642beaec50c5c0a76d06ad474ffd195c1d8465149dd882701522906ce99eea6873495ce357cc9aed385b9777f071829138eac

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR58DD.tmp

Filesize
513KB

MD5
5fbc6bd806a8a6c460faceeea73bd7f7

SHA1
4d1586a9631a72c3e1d75fb3c385dbd278804665

SHA256
8033d1b3af84d47d275e022608da35baac16cf40d9607ca026a47b6cd65e6a97

SHA512
4c51f9f331ac15206942e13504334b4c3549888519388607c44b617a68a9095114b0e6127e82b84170445df06260cc62308bc197b90cfb95af18d7cb6d413195

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR591D.tmp

Filesize
235KB

MD5
51c675fc1ef0a62322052d3e86567c06

SHA1
e295d0b668105d81f9180ef1056d0528e4b2116a

SHA256
aaa3d7e589e9be1911eee5974afa68c64af1bbd5e039ff6a82a15c2b54c0f9f0

SHA512
a352e82db5c930c73165a48337ae51acda7ebd393b8b0b57d03d2e1b5057c41c26b1f321759b7bc521166890853ecdad7b37531212243ad86e181e2252a3b78d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR593D.tmp

Filesize
18KB

MD5
6d2c718c3059ceaa7b90919e6725a09a

SHA1
489967f8fe2b9021a891112754b840fe7dc71d13

SHA256
2ca70bc6394ee1b299a8cf1fe28e95c7d68b765e1828db1b651a7a62acae5356

SHA512
37547e9c6080d0dcb3ea23d9c856ce689997275b40d72bf9fd7c7c165e8cee4afe2ebe52e052c5f8bfc3e618391425219e9681191ee6f650444ebd643cb5a50d

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5A38.tmp

Filesize
19KB

MD5
a56543b9cd3aa403311b49189d25851e

SHA1
bd2609d35d4a967fe23ef4092b1daa6f74a858ad

SHA256
034756f772399552cd33605a189ee0e45d7947860e0d83ec12aa6da1a5a42054

SHA512
2237f493d70799675ae0e395f551b6cd46ff4789e46e2453c48fede07b7623b4b8111904d6fa139c204eea4405b5fd5812b0a91f27374219b721339149c25edf

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5C1D.tmp

Filesize
96KB

MD5
9b299884420745d80c70bba6b8a7f05a

SHA1
195423185a7776e072a65fbabae868c15f7b2f56

SHA256
9426e96a97f41645fab524385a852687792f99b505554b6b9809ed99451b2399

SHA512
ed839dc1b6ef53f3663b6055fb2869a522600b2af8d8a800958ddb531154f4e9a3f1733f32dff5511a22fe01525191c8683519cbdcedec138b1bcf3425f2155b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5C3D.tmp

Filesize
179KB

MD5
7a13a1552fa6a5d983df7ca4df4d2b8e

SHA1
fb56bf8473730c0c155a41c4326d0086a36fc9c3

SHA256
7c7d2ad193cd3b96c402b4da2d138ad8e7fd56a8aaa867871c5122f7674395db

SHA512
56ac3d1e5e07b6b9b6e4b1b3c2d38cad4d7616b81855fcaab6856283f866edcdcd3ac43669fc0699d274447b5c8f19fcbd06b7bbd7da68b8787225b708584f3b

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5CAC.tmp

Filesize
53KB

MD5
2c8f6a964ca7761122f7da22042462f4

SHA1
290e48bf0f83b3f3832f69bb1ea0637ed4d8ccca

SHA256
9d6f2629aa5978dd6b87fe9bce77a5cf0135b8da2980a050579eb4e23a92f8fa

SHA512
88c49dbc5a5cce28fc61689b953e091dc5114196a9ce5977de1bc1ea916333d73a13d06abb56b7afd88f6c4f80953a2b9b720cd79e773a1246d44b37eae4cbf8

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5CBC.tmp

Filesize
53KB

MD5
4640fd47f64bb72cb34dbafee65dbdde

SHA1
508c8713e06ba55588d41918c5a99308cb4b37a0

SHA256
f02c4352ea80e1b476eb4754455ae684efb4289d95edf925e38bd3789f6ead49

SHA512
de2d05ea66ab37b7120cde8f4aeb79c6365430bd94f56b07019451e1329f8f3a2674af9ed6677b8ade59fa2185c6a48eaead47091edc8284e686260c69544a4c

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5CCD.tmp

Filesize
218KB

MD5
7190ecf05ec3b297d6ded3e204399e95

SHA1
5c085cbbbcc8686266acfb318e75a38794625e88

SHA256
49e2c502923de5f89958de86f1cc6f91e7ddafe46d0f81bfb51a669627650e6e

SHA512
4e12adcaaebdc08e06270437dd4ebf33c4aecd5b6cce7245bf12b0303c809465d75d5b319fb262a807cf9a5cb99d808e466fc30b19d88ddcf2b3f0b9c9f74881

Download Submit
C:\Users\Admin\AppData\Local\Temp\BRL0000084c\BR5CED.tmp

Filesize
125KB

MD5
053a60f34c75ca0a4a821b46eae86d31

SHA1
ebcf9f84a393969655969c248c2d572d7a05541c

SHA256
683f19a461948f4cca2fbece26949b34d6347dff279efece983b9f64a868422c

SHA512
346c989ef320079b5978678264059ad9e545081dded233d10dca73a72906fa01df30a3c96f6d319efcea64c198ef409748e511dab8a4d43e1fa7af50ed3f0256

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240812120959422968.dll

Filesize
5.9MB

MD5
1e6485e90130bb0cffd2ae2ca7fef2a2

SHA1
b9c01fddb3921b6f56d8d774eb0364f7024428e8

SHA256
907cb59383443ce62fdcd2eb90e4bf32cf3a0de6078e708f694dfc7bd7166b5b

SHA512
e28ec73e1465591827f092b71ab740a8de0b7ffcf5af0b3e4c1c8be37f16f1a87ae4fdfe23c25a305741a5aaf30fd2aab77f55061eb729f0dc5e64aef3dd6527

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_dnsvel31.4u0.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
f2aba078ca18f64a1751e143a5104eae

SHA1
c4ed379e715d4f7e483907be600682f34e56a8cb

SHA256
7d096dda15e9cd8d0f5849de4a8e8bb59a2ba5f820f10c24e126993c6fbfa2d1

SHA512
57a488244e76820d39659d168368b89c2ec82e1f63be369a203b3caebe516a431fba2ee807c3430e466e1f52fdacb427843e6dbe20120d094046ea491b758557

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms

Filesize
6KB

MD5
e78e97511f2e9da471ed15cd3618b67a

SHA1
266f0aadc6b2af298fd5d16d778926c032d65f79

SHA256
9b1000018d2333371e3b1be350bd898afeba18c693bb0d105cf32c7f7518418a

SHA512
af987b1803b7ff34b1f8c4373c6b2e79df29017edbb1e1bc7ec046afc7a4ba24162851efbcc1b51a3e881a0a2b1c24426eea25a4129ca9c591d0eb8e4e7e5102

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
9791d6f554faeeff993a84d79dd3508a

SHA1
6072763af8044f053bf25e0f6af75fc9f550c6de

SHA256
352a5788b6ca4efa404b5c987e2171c563f589b88020315805f52b0355c4fc8a

SHA512
ccb69e92628ec0f4d6b79e952fda643f0ebfd6ba553bed2339ad6cd6beb29713424e94f42abdc26075f959d6a8674fbbd624973cc161a716cb842f6a99c7468e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
bcf0e7126cd88b652d3f3d152cd1217c

SHA1
c43b1ede19b316f5efc8ce9cc026527604a678f9

SHA256
b00d89a5c999fccd1413f1c95a0eca3a02124a695d739e309120ab09fc26f754

SHA512
80734e852753369d75326acbb9c84c1668c7cab3bca37a5478dcf65b383b1725c5b358564005a8c43e2e969048ae219485ec9a6f96ed18b780824e7a8a7379cd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
332617e9d925279301fc17f62cd1d44f

SHA1
8c8cbc7f619cc1987adbe8febe6010dd0003e0d6

SHA256
ddb343c9423b79320d0c54377368be66f76b7471bbb8ee84b5939062532b9b44

SHA512
5a9490e0a9a3987c53f8509e830ab271741f1b43303a01a9b40162533283e799a5c0c746108d00c5d4bf9ce5dea503f347c069b76135be3772cd6de04d1f74f6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
342c319a90ff3e7cc8ae5e667bcd9462

SHA1
fb6e385e6628720d50891e4b683dbef27ca8df0e

SHA256
2f5229111ed1418e18f293e26a8487ed2c0682435a56cbc3b403805e88d3061b

SHA512
25b5cc94989258c9d5a3038d8f10ad53200bb007fdb3179796af05fdecb072ddbcb8ab9e0548796115473bc1f13863deb8729bfb62e2be917d4dbbdd70ad63fb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
593f8c68ce3925a647963ad3da0d7ded

SHA1
0bbee43ec9d971676401c8a050b39a5495979cf4

SHA256
faf1b16f604761c1c0c30c4b8a0fad13886252ded3093a27346f727926b9d4dc

SHA512
f97fd4e79690102b93592838472c45c7503d42cf8e940a8a1ff541b15ae70138afe8aafb88a5eabb7eb0c2a3c280d76e100b68d707b111783f4863f6a82ff224

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
b378d78ae2c4b1f56368e3fa9a9e2494

SHA1
37a5da521c5606787149092f914c5e418b6b1a65

SHA256
46ce283aad2dd2d27cbdc5be25089f713bb2829cdb2918733857884fe283c67f

SHA512
feb8881084238d373bd962396ee920c31ce4e757ac097ac0244399a38cb8cae47c5d6710257e44e9b2d32a7ccb6acab1a00466195e16cf745f887bbf7a6123b4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
6beb4d022d921cff3194ceb26e69a245

SHA1
28c14147e7576a0835e05b3c4fe95d7fa25a1934

SHA256
ed0c8668775c170e0926e2572966fda6346ab6563e1729b53b315f1fbd7a86ec

SHA512
ac018f89f01a67026b2fdaf3a74edf56fac884e0c17942d443f1d57b820aeb97832aeeb049739adab6ebeb9e053fbf89df9dbf8aab962c7ec7db88c2159006a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
5a19af8fdb240fe949325d24b9823192

SHA1
a0579ec72d8b3cb16a47c962bb24bc7f08794993

SHA256
56d218debb4bbf1cda00456f19039b1d1eb5bab320407526c637e13ca5a155c7

SHA512
06537865ea02886d957aee5af56a3d36be5855d0e37f09ffb19b4b5b8faceed401655276f7bc8ca6167818cc34b6e4764032529844b44dd930d71ac3f92497c3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
18KB

MD5
a2f97da81a53e98df194ab95b69a5470

SHA1
d7da303a3ee5d447d1ebca1f2f58cd36fdc4268b

SHA256
454273a2c6530ee82bc03b3c450e1af4f8abd4ae6d9b9b575e6eba5f6ad4b2d1

SHA512
c624279d550a7676909a7c0654da8afb889f2a041853c573329bb7d8b924e24567983a1281cf5740df585be4944be9f4e0e0633c61245b3300076337ab64d8d6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
10KB

MD5
70b38dd9d7552b8a203bc6592c8eb2ac

SHA1
e2b6e678b98d9c0890a4c4a39d1e36254edbde58

SHA256
dc31c39709213ed839ea0943c258ab8fcecf0cf5b3e311fc9e64b96592110b39

SHA512
eec382aac359d358a22c3691dea8bf84691d12b93879ffa5288bd3522076ba546c689e856af3f73f0b37a4e5df8d19a4e23b1e48f40b54e40d5bb85830aa5f84

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
13KB

MD5
8c1a8612f46171b4890e81c0b6b5106e

SHA1
4c4b5e23b16d551a8d2476fec66f3e4498c9c427

SHA256
9e68191a6d61274878c99b77e39272ae3c1b20899a91ba7ce8e9b096eb72f5a2

SHA512
f30495ff834395744dfc9d16fb6d82acf31c617d9e1c783efb25cea8d28bad4367ccb8f43debbedc084b756567694062a10fc2d7a562848db0abd52ce8963f76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
16KB

MD5
57af3439a3b8b279720abfc61b44dfad

SHA1
c91d49bf2c363e28e625b52c3a647a87bd72cdd8

SHA256
f49a2c51b4575d0c3c3504f6e7629f6a1ada287530c32266043f3169768bffac

SHA512
b1663e94d73b70900a629b8e2a20c4bafe1cccd5f35f4e1a5d5c88722a571e85c8f493b8ffddcef62c6eebdd4f6b605d2a315ca4f70774e6fd0644159571440f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\AlternateServices.bin

Filesize
7KB

MD5
eb51646c123b2b566c4a15bb2c152bae

SHA1
3bfa9ff22899532bdeb72832253b9c338d607ac2

SHA256
e1d589d36762f5d58e965ea153fa5ba3daca825f9756b2a5390bb45f15a1d772

SHA512
231f28c8c58fb00123b9dd39553da63f87f5e9cb6f763204e247d48f5b21e2fc522ff4e435fe1356723e50c843eeb17287d392514b805b75207fb4abe8b8ba5c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
f24b0aca77ad3bba643797e16f7fb39b

SHA1
7d9e7b6d30cb4363dd1a6cf2479b4f779c834482

SHA256
d6e7105de44baf8927ecda027cde502913a3ea03120c565cdc92acbabc4fcddc

SHA512
4d00acee7b5c3b3663e43264c863b607a660a419692e7741aca54ff2456b051d350a3244f3a54c47d5f35a578f576b0638b6a8b06bbf513f67bae278ab2bb548

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
71KB

MD5
e5073527a75207fddab0848e960a54de

SHA1
1a4711367ecb8cf96bb7fe62e5a04dac707d7280

SHA256
781e2bfa41f60a9e5a294ab2e1d89f496c892e65eda9ddf5a44e2c87994b5afb

SHA512
7e10b2e3a55f563de2f6926e89b7572b4dc46bc6245c4820940924653a32d27c46c64e6b9961e493949686dac58de0d8b1712d4fa729a0b2ee1b897609056da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
74KB

MD5
7fb435055d78549b2f768253541e720b

SHA1
11a0044c0034304e42baaacd449d1880dc8f1371

SHA256
ddeeb2f48f8bafd0e493dc5de17478cadefdcd1d7d97c04e6ac0afc16c7f9e40

SHA512
8e7753f8dbabc089ffa5fae338e2d75de2e13e8884f37e78c4e2ca50cba8e4ee156e190932a5fb8a3c2d0abe4ed00b6c3b1c8ba3187b5d66e07e8b25438075a0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
99KB

MD5
8c45e6dac2f546d52cf4bbf9fe6bd71e

SHA1
3cf0f0467a2e13ffe412b99fe53b799af35b75a7

SHA256
449b81eea0e6d6e76f7b6aa61cd1c3455d071368f92b2b9a7c6ed66f0cb67a5d

SHA512
7caa3b3f2ce72e50a3de618318644a3a2a98e35e2542026ab58eff86723e435b773f3c731b61349a4346f697f51632de1620624afb4009fbde6db2bb0d53ef80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
f637035e3b2c76155a8dbbe3b97bd0d7

SHA1
ccf813c32172d4c5232ca742c0be3ff808cc7243

SHA256
68c6f587165b1706414b7d16f37491ed486599339699f7a51eee8f5516ab14fb

SHA512
c220de041aaa8d673902112698a7538f46a9c354a25ba7d105ea5187fe38f5131822e7490146e069c80a3a1ceef9b055f7a4730e9655e3676d24ff4528ed5c61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\33aab40c-3188-4e99-9595-44b7fab2f830

Filesize
26KB

MD5
895e9e50690988d8d647de907d3d9477

SHA1
5e128bfd6fd8d457979e1894a0c07fd2ac0d0a16

SHA256
bef20a88e877fa6697543785fcdd97a93de7902cd1be1b71a9ba1578ee238906

SHA512
bdbe289f02a89bba938d54c40b5ea9e6cfd4661cc79c5e6d426531731a5fd8bf7063b5d1a8e92b6eacefeaae18ec6e87a42a8d111c4455679197a8fdb90348b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\4b8db47b-6ebc-4f41-b8a7-59ff5d46e2a4

Filesize
671B

MD5
822118c14c858a47a2a28e00c9146775

SHA1
1167db0c64f2ae359df06fb110a51cb051eb99ee

SHA256
390b0acca48f0547baf8bbb8af222fc316674a4b2fc75382d4cf2d9fc6df1eaf

SHA512
c5f9773f5d59233a79135380605555400f00f38f7117633cfc87ecc0585b7050d27c92afb9ee246884f920eda97f35d07f57295ef25ee8a30e2ead95ed4b36c7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\6ae29cd6-ceed-4ccc-959c-68667a28006d

Filesize
848B

MD5
dc646c4f1e3d01515d4a6c3f304fc9c3

SHA1
e1973d6ffa3a9a389767d319b6cae1bae3a8afd9

SHA256
d7205e6d5a4b79e791fe4b3b5a3ec04867b7f5ab1417915454791a14db4aa4ea

SHA512
9785e494dc14f36b39f831b884d39921161cac623cfe74fd8153e31cc5fe0febbdfb9b30757e8e0d12198d9a1d8753d73c0f4563d79c4c33af28ca73def4045a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\81e65923-89a0-4ede-8fda-241401499d30

Filesize
4KB

MD5
3092fd72f95e611d972e29d6c5764bce

SHA1
8c7baeb147d7f9e8321fc77e436846b3764bbe60

SHA256
f6b7330a06be066fac0135694647fc8c1a38e59e85f33ae2099b250d55de548d

SHA512
473ec57fb8ed13ee0b3037e17fbed235f2fa3ad3ee4a11566daf7c1eaf423a20031f49b87d6d83063ce45f19263554e6f289654292b2c522ec7ccdf8c72be882

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\datareporting\glean\pending_pings\aedcab75-e35c-48e5-b77f-114ed7745b12

Filesize
982B

MD5
2d9cca78ef7ae89aad0abf86c627c693

SHA1
aba309dcfda51fe8cbc261a9ce8cb2fd4501d3a3

SHA256
3b17f028579235b43a207e067053d60d7ea98dd92ca0cdfe4aafb502278d0383

SHA512
4e3820f4100d3f12beaf06af16e1c0ea1e8f5e26edbfdb0250edf1023d094382dc67d86e0fa16d5da736b0217cdc8ba30590e45f0d52f72e4469f75caa6f0bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
ddef5a847312920670fa3b290775e041

SHA1
215bd885efe06d72f3818ec8b2cd2472252f020b

SHA256
d1a4959da95398fda2ba55b7c42488668ea968880fb385554b41e8167c61dfe8

SHA512
7e55d8b483585a78655366408faef6f9b5935ae8f579cb409cb25bf05c41aa72ada2389c2373cd9cb0df0673423f3d5793fd5a5faef6bf2745178ef111874e16

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
11KB

MD5
1a088dbf3b09461d5bd5f9777d9a37e6

SHA1
37ada7fe2125067cb7e550be14895d94f62bbaa7

SHA256
b54cccbc4cf47a1ae1923caf85e7e661998bc26ec51e45348e165afb9eff1e6a

SHA512
036db5975e3db7c611dc6880ea9a0e88c13e173e6e2b8d4beb17957ecf832a8b1742de8e12da6ea985902e2ab1bdd8ab66a1656d992a53f48fb6a2f0722843d9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
13KB

MD5
040fc2e8ae19f861a8145076132809af

SHA1
a9450dd1306361ac85749687daf242c8ed2c2277

SHA256
44cc33d497cb5d9875aa9adb5d5757b8ee0f23f71bf385dc1b35ba46fc24d2ee

SHA512
8e99aa2c85fe486eae228b7dfccb563712fd1a1665b218ce8a569bc3952c6d9880be57c0f95fce1687c316b0c670b3d01222dddd039e32fecfd7a193918f4fc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
13KB

MD5
af4b1b3c402999576a6e3c45ea7fb02c

SHA1
5a70efe997ebe049ada5db15610f5466f984724f

SHA256
871529d031d473b8d0927a0495c321678f8dbdc3fa090d42894a1ef4a6c97053

SHA512
9dca3bf32c8ed4bf56aa16f300b24518cced6bf06efd1796053eea849413469159b06bded49b5e91c84463f27cb3e788c81555585101d7de57c8a1aa3a320dab

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs-1.js

Filesize
12KB

MD5
7b459bf6b5e5041e840b0b1527edf92f

SHA1
780187ee1960fcd84e8ecd62a0e6494f2b369064

SHA256
d67d47442516562b7d7c6c2b3353cb6011c13aa09cb07c4908e89a8fb21c20b1

SHA512
d11799aeb4fc3739c1c4dcae49ba4d0f10df71448d77e82ae8cca9b5b390930176e88dfde1fb704b0783ef40b8def88d8877dbc5bfa7318631f7a866b922a2f9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\prefs.js

Filesize
11KB

MD5
fdbdc5505789f2351645e9fd157ae3db

SHA1
e0862bd0b77e22656aec56d0d581e9b215de89bf

SHA256
3bbcc5228e1eedcd2766a6123fc573c194f78dd26eabcad7de51880d9d7e15f8

SHA512
5a8b27dfbbf3f2eb306304f2e75628c22ce7a188fd80fda603d6343736e2cde2b748187fa1dce968d9aee3453c05c39513bdbbd9690f6c5b991989b4581da302

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
1e00da400da36157c6d9e1f2238ff1a3

SHA1
6a2a1a31563f80727be97890d8fac976d9ec66bc

SHA256
a24d48ed7a370d920f5dd50b6856e1086fdb0d2cf57df135844c842c06725b7f

SHA512
aca24865ab43e14bb163187684241c3417ab218285f526cbeea1ba1116d3b4f8a7cb593748799108b111cb1104b6d7769079c7862273904083ea85877cbec28e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
308KB

MD5
954c48609e2f10a43bdd4dc1c8120ac3

SHA1
99abd1c581a4f6831098bb023c529f1e04dbad17

SHA256
5d592fe554717403c0f3595d4da613c5a8c742d8986b15fd4a21a52d044c6490

SHA512
cee619b42649efab54c47b0c7d4b70919b48c0841f02baef6ee27315f91725a457995394086e3bb07d34a1ea5408939c4de9ca981448b9c1efeaa6724d692efd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
104KB

MD5
88017dbfb5dd2b77b814ab7e8a763472

SHA1
331ab57a7ed04eac23dbbcfa141425ed0a550202

SHA256
99ffd2292d9cb2a137473ec8b9964b3a6004a53db33a2396419e70645033bd9c

SHA512
e46e82dfbb8370e7766352542b8a6b42a294fb999db23aef47592dff1552f663c7d1c996fc2b2abddca8db6bb4642463779b4e87666ebc1e0690cf57c12ec4e5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
308KB

MD5
8a05918e923d4770479469db8275aeab

SHA1
4858412862dd01455cce2573da5a45b16805c769

SHA256
d3a727fddb9a2d1d8471a2c72f8d36d31a72cfdf7dafa5b293727f0d9c01d4e4

SHA512
ad3abc0a20a6c296dfc9f910127a1987a5de6cda10ff4872211c6c03c48297b6a024d25d0feec8362790d286f05d2b9ac149a3f26622c534bebae1ed7cda9204

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
309KB

MD5
6906275d29dc61632ad8657c1326dab5

SHA1
0464d1caeb7704554e86caaf7f624e2c084ca07d

SHA256
be156349eb2092b69341aafb8781bad520e6c75c4f9fa583f8fd072850f9ff03

SHA512
2bdda4d09ccdaec4e0bca004c4429152f84e567edea95594f9cc6f51b0e4778a3eaba443edf883d3cc99f73296f823a7587c75ea60352bcd74719200df8a7b10

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
105KB

MD5
83aeb6f0eeb6c6235618e94b6ba254f0

SHA1
3ccbd1c2bde27f43bc75965a7983f7d393a33f7b

SHA256
f2564f82a0f37f3fcf230f17d7aa49c96b20d2ff0bf44702eb8c40e7cfce38d0

SHA512
e4a574f557deba7f209fa4c1efe0511fb0f501a2f35ad469df1a1358a2400e15ad046bc003ba9d8374af52533fe784bec8a1eb36d6d244e54ec1131f9f7e144b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
309KB

MD5
e8047884a48fdd31a2617b80333fd0f7

SHA1
f6e2636b1cb6bb44ccb38bca481ecf71bb274f8b

SHA256
1f34a15ac0b114d123ed2eafb8978187b1c57d2e29ac86aab1d9126112271270

SHA512
496a9271bfd69e3ca770c1aa44c7b026e0c91fc65e18521bbeede6c696b2c50374263bea7ca537e568a5be08bdd05e5f00e89c60691373fde35fcd1bea146b14

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
464KB

MD5
72af8b9308ce785ae3029545ec4877f8

SHA1
e9ce800e746704bfec51cb2cf5383ad55def4d2e

SHA256
2e0ca199fb6525131ef6b2c463af65a83236440f1383e16d40aa2c1c365f97fb

SHA512
efe4bd38fc98d2082f81eaea432dce4f01430d98108b697ebea8c7a762b903562b2da0c598db5704156cfaf37b60c11031c60bcb2c718a3537133f9a88bbca22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
308KB

MD5
8df030e5e81da2a7b2040b6ecd9e588f

SHA1
b8e1ea3f4f6fa35dc9b9d43614184f52ef89d2d9

SHA256
067675e0a0aad338e910f13987cf7e11dd27a3c6b0bd7be1bafa576adee3483f

SHA512
0a0303523fc60b438093c8489c17d49afe1cfa92bcd13a10674e25727a0b7c86821db1a615447bac4ca1ed9e7488b17a86886349eceb478eda86bfc8ff3cb3f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
463KB

MD5
f8041840d5ca7a80386d1e8aaaa161af

SHA1
95134adf1b437eac980731ae179e980055e0bd60

SHA256
f8e0c45abbf7253dc0713caf836757c4167e91f41a13afabf38c09ddb98c8cab

SHA512
c5c32d89f0c6ffad44c7119a67223749236d70004ebe896e1b1ee76430f064f27433c560480b4b4bf24e0e968f807ba58c2c47f54655c2737f2b5480e9cd6fc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
464KB

MD5
7ef50e8a3ab1444bc55a7f0b420cf92a

SHA1
b746a75ee9b3190995072948bb2f224bcc754129

SHA256
0cbb7bfdf51bd125f059b63f34b5bebaf12aa671c5172c6a7c63ef21feb8203e

SHA512
8b196da4cc7b3113231dec1b5d71d629b3d06b550963b32923e823551c21012a58cc909f9ac6cc326649edd3d1c99e26472cebc3d22009ca6703731de28746de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
308KB

MD5
4beaac77b4730aea4aae2b744e6242b3

SHA1
7d181180a6bebb4a58e5afd9407e8ab6022b8be4

SHA256
a1a7395d40e735bf320c24aa6ee45a270200b1ec865d443d613a14ba66b2291f

SHA512
ea3efa9f668cb6b0c3821fdacdbddf0e4559234a1a34bf60c2f25dd101277579b0959091e3840abb0af4f59f67181a47bd3f88d5def055390770f3a3bb2543d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
467KB

MD5
ed8a224d59fea2bdb3992d95ffaee5f0

SHA1
8a9c1b64be84e79928430af7af90841444420435

SHA256
d9f3a5924bd6fbeaf88eb7ec52cf076a00aad5528bf84f0738f5d85d826a8340

SHA512
29d551c7dc595e81a36c9919f563d5ca3a112a02a2a7bcbddcc15d75d37a97bcf4a2ccc34bb9226e34462d361b2813871a4ba944ae7d2ab1d05dcd66e122f963

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
104KB

MD5
4fefafa3e683bb8b6cd36b9e37d23c07

SHA1
076e490e04d3982f5a65cefd9f3b19409ab44da9

SHA256
f5b3812798fed8851d0f3b4f3930658e3832c42b05c72b884b400b9cd7a8b908

SHA512
48c5d85fd83d49db2a382a27bc4b12595658e8cd535e5149d5c234e5b786bed5f23658fe118ef9eae93134166e43b23493a4acb4f7639cdad4c939bc50c9e164

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
467KB

MD5
060614147d7de40ab574a4936b0e8eac

SHA1
934cda40a5b0fbe8109c96ec58a8a4e26aeb3460

SHA256
468df9c22e461b80c168fb4392d01727fc00d790eb94e21169e8fca35044074e

SHA512
7612daef5bcfbb7a7de43f3884e0fffb97a4e75d748eded08349c36924a6f1ca5c73926daef3e7bb4f0a04dca848c35d041935d01e7a030d72c8f87ca4626036

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
105KB

MD5
7e76de23dc25ca5ef79f3d469517799a

SHA1
95636e2dbb2e69c1c13b647c00f772cbea682d01

SHA256
8e2e6b250f96cbc79d2fdaa6283ec587c29b37171b1702f5a7e28df89816bcaa

SHA512
10cc59ce8c268127ead5c2178314234666f0ada2c4fcf54d179bc229b6c2d347eeb28eacb404f89828f89887eb60deed1fb966298a619be557c84a36f876f8c5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
467KB

MD5
e41c03d0cf4c65ef8e73fcf19de9658b

SHA1
ec316ae175237cb01cbeef661f50b59cedcaa8d6

SHA256
c972fc44742537901964756ca2bf815043a1552c8c89ded0ef37019743bbaf24

SHA512
2fafa663b1a7321ddbbc530cceadb21ad48440bdf1cd91d42909bbdeb6e3f19bd3a56fd56f73073b70c3f8250a713d32e9449d1b731eedf825c70a40dba9f75c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
d0c41f71653ea3e065eec621f1900496

SHA1
a1363ca119940a3bafd459038cf3dc563bd15d51

SHA256
2356a23d3ec29dd2b5d40b061932d36de58d40d19a650d7ec31bd6fa3b859516

SHA512
6a0164246ba6f013e56ca18d53afa60d33d75bdddfab0bc9964bc75887d4534d894423dbeb01e4c21fc6a6ab90b74be042ad0b4a4e7d8e2ddb836bb027342b12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
e34da07e5557ddf8853b2f8489499dfd

SHA1
172e3a5511c7d474f2769899597cabe41a357fa4

SHA256
6754b33f18b56448207d5bc2c9ac5614d3b4b52dc1f8e174a8b35874e527e8f4

SHA512
7aade37850879ec557fdfe58ab4a280de01810e780e5f5ac97d3898be57013e7dbf92eb6345689c9088b14088b9bdbcb441f526555a8e7ec49a9daffe9575357

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
f9e58ea2faf12acbaec6231e4dc45c7e

SHA1
7874fbb8c27b3e7aad3cb111a9d4704293f752ef

SHA256
6e7e15c8d2c18c22cd5b81e19ce4d641ad6f9f70cdf457bbb24ed9be3c094fed

SHA512
0e1f344c7e1cddf47c6dc2da9566d32ac0edc9bb519f52cf57b2483bd9b0d8db9b0ce9411a6cd00d67a397c4938f3b82e39779e288168643225ca192c39e1c39

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
467KB

MD5
a20f78b7b61588236b274e1d5c676ffc

SHA1
51f40d1fd5cc0124af6afd62473a777e66a9652c

SHA256
2c4dca6070b89e6db60878c498695d07b7bfb83b91c5dd3d38c4210734589ada

SHA512
58289fa83858f4aa1e73a0f1c4756cef72df163800983a63dd6480d50843e3869050cd13ed2f4d4ecd8a1bef62451b1a7ac7363ddd333b0eb694c241616e24ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
0077cdd6a137d7d6e1cd17ee878e9ecf

SHA1
835f5108e3f44292413ee24163da99e1cd67bed6

SHA256
c1ebf959d0d112ab1bd715a81101dc56f9711c079c1d8fe52e916848814d640e

SHA512
f5f4a2f15a445e9e3b7791d0ede667ff5ac43e87ee34247427b7c2fda1537644ced0c5cfcef2a238162de866acc772271e2498395dc0031219fcac3b77e220ae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
5d26aa34b5b488e78540cc1bacf8c9c8

SHA1
a7af63808c8b4e1f67d34421ec0baac441069296

SHA256
38b5592447e19888f84e00f2581bf4f1c718da29572acd50f1e1eb7d81abfc55

SHA512
56170410b062c3c7522c1c3877b5e6fc9d71ed6e420b5083cfd23c4e13d0c4c27186374af17243117b48060c735ead52769ac9bae598744cfa7f1f9313742f1d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
41584fe404ac0000034bb1d1456fd031

SHA1
3016924621ff749c6f6a4bd12006a8716ece7d1f

SHA256
73f2e1a4efaf68089ddfaad77bc65bf00ab3c666c7ec0c2cd5fb2cfabe6d3172

SHA512
329853e942446ab7ed7eea1d8f4d72b27415d0d192cf37cba528fddee5a3efd748b2d68542a89f119dd647fea17afb04348415e798eb1626abc437cdc4576312

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
a496f540e844215a9d0b0d667dec3d3a

SHA1
e2792b7318d43efc81d80a183b9b347abcf16b21

SHA256
a6e55b524a60edd957d165365c2d71ba37d032358f20bf186457665a1b11a540

SHA512
27a3cc9a851c81472bf23810e931e187b8e3dcb2bcfb142cc7f153ea4166a3d506da1984f0e4349bb07ca95945b8339eb86da33596d66628818df8dca4c66e3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
996edaf34d4e4334961c5db023085315

SHA1
6ecf017553b644e0856b45bb95753a33dd1d9099

SHA256
2ef04252d709e45bdd45849692c7d3cd613904617bf31ac3ee694997a6eb9bb1

SHA512
393c587a7f449462a739d39a082dd797f5f070f29aa7dd63acfa4375a7e5ea5218ff19d3b82c2a708f69025bc1be700a2c5e412504a14730dd17a92217158e82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
8ba10a4dd44515e1423261176ba66c03

SHA1
a8965d35b5e95049f2b8723cb0cb0111df6bdcbb

SHA256
30357ee3c4ee30ae0b667a66d06a782e024a62d5dd7d64a094f2d79ba73116cc

SHA512
3c1399946512c6fb2c13481da5be9942e96f991366db09bd9580ff954f2ce16de353a32dac9623c1c64e6f4bafcb7c1d17ab3ab563119507383d22fff8271e47

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
13037c8f4f461502dc235488c65f13c4

SHA1
212ddd9a3523f1b33c8cbdcb9bab838829f5ac2b

SHA256
be81606d6406013897c722372356aab062cfedde9a720dc50c6ae56fd630984f

SHA512
72a02e9bcbb1adb8ffc1f2075d4a375b2b6bd8319865d78dd116cc9cb9a778f57af9fa4ff9c8d08385f8f518a580fd7fce651bb21f221f7122721d31aa2c3f95

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
468KB

MD5
ebab76819531b2b948acdb9052d2d801

SHA1
c187d6b329c040ffcff1b7a5164fbf5d779fd2fe

SHA256
19f9720dcda451bb5906df73b06ac7e62d4f6ac6b1b26686a7387b55085c751c

SHA512
cad3103f8f467985a2c8fcae4f75f4c5bec675be0f3cbb892f9b1bc0ec51bf75c903a2240e2cea46d3a91b964a8019e306c401302790be748d3f20f931499b9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
572KB

MD5
4504361eb584b5bfe8c06e0960018b4e

SHA1
6d24dc40cda531860b6908f484e9034f0f472577

SHA256
ec0d2d36b0cf6cc4f438a6adf6120f42c1639a2059f811ae579c46ea4b9be593

SHA512
a537c5862a8cf9ec32fd1ddff863f086202c89e37eb20c669c44b6c31323b10d63621d25051b0cac7bcfa688cdb28158d840e564bb8b09bd07f0b5b039203abb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
ce84c3a5dfff553fbbb2ed25ab5c474b

SHA1
cf4341f49e8d6f7844d6edcf4c55a43b547a6729

SHA256
6e369684216dcf0809ceeb5ff95caf96a283e2bcf8e928003eb4da7674746f76

SHA512
d6aaceb90b50594fb2b9eaa9ee471f175768fec61d698ef4219b974ad512d9cc88add46e483cc1a11631a2ce2e799c67c7aa6733798dbfae6bc03faaeb120fd0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
676KB

MD5
90319726443fb89b697fc4657351bcb0

SHA1
48f9016ba1534ae9df8ef9acb4ef701ab31f6b5e

SHA256
1dff49cacbdb50bf504a4c3afdb1cda0e2038d38598e82b11bfba9458a13e4a8

SHA512
322ee59b9bb1839b2545e044e84ea258517326e68abe52a03dec7a1da84bccfab33da37598c76fe70739cf2ef9e59a49d02d5ed2ae953c2c719d6322689f0a80

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
35c0ac62bae0feafe475e9e79f954afc

SHA1
a17d4f295a66c1b8f02b844090fd8a3cc0bb3e3f

SHA256
f6482157123dbdfdef126960362220a20cdf1585c8c414bfb4b6c0a604515129

SHA512
416b020af8c87bc7699f5465462011b6ffbfdba8a79b59578ecf5161d72a13792a24347bf1b5bf14c41b049bf0e905e764c813b7ee4e41a6d9e3e8684dee8cf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
677KB

MD5
bb85a252d69325803283c36b45bf12b8

SHA1
cc3803907fccf68ec9e7eec127fe98d8bec86c23

SHA256
1fe951dd11942f77f9ba3af9a832e07d5cee70fd1108807e683138ca9e0a7d22

SHA512
462233efc8ef6982ee71660adb2cad5d87a66a6d0a971491a6336a537a1a68b9a7f33c36a259c0f1fc300b5f83ccfa50a2b15cb8167e2904c618d9febd80ad81

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
d21f28b72f59df6ba065633c1340371e

SHA1
278568597911d4ecad23a9a9cd912c10adf4ae7d

SHA256
38c109e6bf6fecedd53a5630bc2b38425161173cab7e6dc71f0edf946137063f

SHA512
aeaca5635f9de94f78a001e1cf1bd2a384ad5e3093b42bfd264245a4f2039e1e04d8c632e7a255e86d8c0fe6414cbd1b50d88972aa07865c77410fe2bdc34d36

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
677KB

MD5
f46c4123b4f32747d0b87c11662089c4

SHA1
4b349ab34da4f473d8b0d48a55ee7b2b4570ae78

SHA256
51d5c2389ed4a622f4901539805b864888d8d952c90a03079244f53bca7a1978

SHA512
6277fe14eacb2cd73cfcaf710c4a71b0a6f6c79a988c845d23feff4133e06bc4905db28a98c5504558ab0d7bb09a2ab3ec22327a3d00b2ac64b7f6c3fa68a3f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
469KB

MD5
3c75947f7f4e7c620d850439f859c1a8

SHA1
1adc3e802d0bc89195eb4f74c32a5fc11b57847e

SHA256
395c1df593344b6946c78fcaa41a0d1985e1e3993341ea86816d0ae679ae541b

SHA512
02a5761b841cf44afb1111209db1e3e207032332e9693c53bd9154f60c7fe1ef040d8f8a063d4655832ededdaf28b755bdea10579b80ba89189c677cadfbafb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
680KB

MD5
bc0503905c5cce408557515be48058ea

SHA1
9a68f8681fc723af84ea43cbd00b7350e8d56d5d

SHA256
f468af3b5a11fe24a4f5adabca60038c0493964331c63d1608005fdab918521b

SHA512
03df13f10a1f1e5fd0786a5d6b4693cdf2a3da3288ea13b33d7932b1dc3691146646790a795a84c18df7cd617b6fc68f9b50e5fe9739834342a8bf31b6d3b250

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
676KB

MD5
a8724f9ddc92885985d2bd7637c770e3

SHA1
5ee2df13a2fbfdd381017c57e569b87d4c344f35

SHA256
c6332726262ad37481442cc40af8fc03df20e7be120efcdb88cfb02e43b54863

SHA512
89f7857d78e5f807b5ff3a8e6cebe08e4fdb948700d39a50749041e1c438647bb3996f7b4ba93774d2d846c920ef79d7ea84e3594760e3e864288bde316ebb83

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
680KB

MD5
b8c16af5a6e336d40f5675b151a28a17

SHA1
48fc331055a6c9b60651b82425c6ce8d5967a21f

SHA256
a4b1d69a760ccdf6af825798f52f78f2f95156037245ab4ae654ffa78a15fa86

SHA512
276b1dacfa3e4ca301c8309c1714bf8f1e3079e82043806ded8d88aa001de87a6b5c6cae896d136a793ba600dd2c9647245e3061345e20ece19fa60e395826ca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
676KB

MD5
5883facd7c828897309c6013237af7fd

SHA1
c6e53fa761c38f7946c7bd4c199c747b95fed465

SHA256
fa3c1ad3467d2183fcb9b87c70c5e03e00f6db0a62eb63140f26c8db8dfc55db

SHA512
45d83674d514e9ae972a4901a5c0dee636c946ac3955c88af28e50d802e47deacbd59aa2d1ccd273b2691646537c25d2f2406086759ae66d643de91a72f21480

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
681KB

MD5
8a311287f031210770bdcf0d8bbe8bf5

SHA1
68201762c9e37f5ae4d938e4596dbf182d597b7e

SHA256
63d13aa3472503b21b4239a230a95390b2538590689f1e88fe75c863114ab0f2

SHA512
73dedff6a7e1b2ae89fc1b9bf716ad3a9541c7fc578d541ae145c733a2ce36e3b7670949f7e083da227c9448a35f15a25dc72a8af9a60198727bf3a49569ecb1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
677KB

MD5
967d0ea3546da72bcab5a973213f858d

SHA1
bf48f65e088366f985e4ef6ca31078f084b2b48b

SHA256
5c9a542762044393f2ef7b7a543a4d37f875f9790ee46b4ba81f4eed100ef9aa

SHA512
5aba9fcf45b2a7395cad464dea4b0928b34efaffb3f2aec3cf2e4d1c3a77556be6088bd493704fdd63bef8a9dfaaac24b9c2c98a8f2fce6a71a5fcec12ab2990

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
677KB

MD5
89c35f3c3055b5f28268aa1573b69ea9

SHA1
e1374507693afbf8a2dcf254bfcb66d4465dff69

SHA256
9a8df51097a5fadfda8268e102ce3bb691e615360063fb50b3749a43115168f4

SHA512
0400340fb199257dda5b89a32c63044d6319659f13f17169f5ce1b828967c7cecc07b926597560073754608558232c0dd681123a2a5d600b1915f7389ab8b7cd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
680KB

MD5
e045a67104641d331360cc2a2fcb9d3e

SHA1
06f19174ecb571483a4c338edb2bbbf38eb22882

SHA256
0db5951a089798054b13cdb5c1335e8fcc16f7fed0158e5ebb7a8953cfe4344d

SHA512
5a5d31c54f4a55c87f46d0616778091fbe0a8fa2aff2e3f08090750aee4db720634aa65239d2c5a6cf9a09ef3d5a37370c3684ac4c16647d697da3a4728c950c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
680KB

MD5
84b24825e6421c93a0ce080203d0ae80

SHA1
b0f6f22dba4cf0bc6bc89fdc0fde33e72137d633

SHA256
0d46a4996fd0447591065ac161c774a54770b9d10e8767ecf8c8a24b7e36a7c0

SHA512
b9a643c46f2c48f4eff1c2f9fa3cd4c7bf83559bbae5c2a30931b0ca952d1ea5f32b8c87394cf0ec97c07f294aa134c23e7d8716a089bd92cba746452f9aab88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\sessionstore-backups\recovery.baklz4

Filesize
681KB

MD5
92a09d93ec12173ab4f63537f47ef5c9

SHA1
6780b40d9f38de829c6749fcfe96e12b59d70854

SHA256
d5067ae367e94a2189e4939428194fb52aa8d9b0ceab9cde8ea09d67fdc54efd

SHA512
1cd10d6a8558ef9fb2c51604d9a4d462e1b813088c1d9a6bdae28353163525b8f8967d46c619cbbe6df1a4241eaf900952b0c24ec9ddbd78fe114429716219d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\default\https+++www.roblox.com\ls\data.sqlite

Filesize
8KB

MD5
6b24d426b5a9897e4e6eef7107670140

SHA1
6ae155dfd963d7c41065f42a3dbb24716511ee0c

SHA256
9661f28492e9591c2c30ba16eb0f3fe4bdbb8112037f7422346a87616bbd3b60

SHA512
deeba7896ffee06132ef259bafe3028c2f6ad00d8bbd491892453d834d3134b5cff034fc99328b000abe9ada5f47e362a9957888a09a97ca19919e4e12516dca

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
600KB

MD5
c5d7c62cab4321b030fa74674bda49ec

SHA1
319344528806409e97cb6b02f4dcdb2e76271f44

SHA256
7c4613e2c4acd6dbcb1917f280066f9e81dad94a502cd85b20ad0cd9d2b7c54a

SHA512
fecc772b4f8c05373784fb5958801c17c560f7c70327f17d25bc48753e1c8670ff170c46040e7de9217432d7665c29ceacfe2ed99c4d14cfa15d28c2afb2b30f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\zrrtvxky.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
600KB

MD5
21f91ab78c0fd186336de96220dea7de

SHA1
e48b590369890b92ce987ea87f186bd1b2e912c7

SHA256
a55fef131964708ed88cedf079f1daf79fb05d6825a036ce3b55eb161d7aaf74

SHA512
dbbbf4a645cddb262131e72823e24b09e854241979cf4824a52df2ac5d07dc3777e5e635df4911b2f55e179eefbbff744bff3dcfd850c2cfb19908e2ef677ef6

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
666c91d18623db30e148a405e687e98a

SHA1
44a93bd226da3c6f52ba79e3235131d379b7a942

SHA256
737d5c42e28054247e8c2788e21e1d88b8a852fc997ec848084f805efb6ec19d

SHA512
35f247960f22970842466557c42960e114621ebd8e0f062c7cf3e7e34ef1ff86fef9fb144f2156b3362c2a7e26dcf03313672b013ac57f112c7fc600d1a54ee2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
2a547fb659210165dc73c7f71c75178f

SHA1
78c78a97997dbff7ef9ee9a0d384cefaef261bb6

SHA256
2a76890d5ea5e13e88228b8a8a95f7d3defc078ad0ffe2ac9fae97a7d11a3955

SHA512
9e687d3c055f6628846a6557b1556b28440d518961f93d94c2a75ebc0d41c977ceab38e1412bd8a11959a7f688de26f49c82d7acec7b8c2b3bc1b7810db50e9e

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.1MB

MD5
96a284139298650a8002ae7e4c4cbbdc

SHA1
9241b1fb93ad1711cb8e830d5512eeb0e6d75b20

SHA256
d47994eef1b42a543bdadf2f0edb1415bd2b0cb306a6046c52c504053e81b764

SHA512
0bd0e4150456fa10a20c6b32295e0e6633d4b90450c12f41305301e50d6444232e24b4d9608add948c83900031c933ea2efa9aab5f1e24e966de15fc06a0be62

Download Submit
C:\Users\Admin\Downloads\mitmproxy-10.4.2-windows-x86_64-installer.exe

Filesize
47.5MB

MD5
47d4267f0d19664d984785d5796b2320

SHA1
6f9dd559edf01d6ce2df5d4ef0091f0d7d323611

SHA256
2124f32336613f2fdf4c35e4c45c8778880005a18527580925f2e65c851d8fa9

SHA512
d57316c3c6081e1d290f51a03fceb5c7d939c279303fb95fb7db4cc491667f4f814e936ef58be974ccaaaa294a298678f5d1454a3ad4d2b3c2676f83723ec75c

Download Submit
memory/2124-821-0x00000000568D0000-0x00000000568F6000-memory.dmp

Filesize
152KB

Download
memory/2124-2554-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/2124-2558-0x00000000568C0000-0x00000000568CE000-memory.dmp

Filesize
56KB

Download
memory/2124-822-0x0000000066680000-0x0000000066695000-memory.dmp

Filesize
84KB

Download
memory/2124-2557-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/2124-2556-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/2124-2549-0x00000000007B0000-0x0000000000A8D000-memory.dmp

Filesize
2.9MB

Download
memory/2124-831-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/2124-830-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/2124-829-0x0000000056880000-0x00000000568B2000-memory.dmp

Filesize
200KB

Download
memory/2124-828-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/2124-824-0x0000000067C80000-0x0000000067D09000-memory.dmp

Filesize
548KB

Download
memory/2124-2560-0x0000000066C00000-0x0000000066C1B000-memory.dmp

Filesize
108KB

Download
memory/2124-827-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/2124-826-0x00000000568C0000-0x00000000568CE000-memory.dmp

Filesize
56KB

Download
memory/2124-825-0x000000006C580000-0x000000006C599000-memory.dmp

Filesize
100KB

Download
memory/2124-2555-0x00000000710C0000-0x00000000710F4000-memory.dmp

Filesize
208KB

Download
memory/2124-2559-0x000000006CA00000-0x000000006CA0E000-memory.dmp

Filesize
56KB

Download
memory/2124-2553-0x00000000568D0000-0x00000000568F6000-memory.dmp

Filesize
152KB

Download
memory/2124-2563-0x0000000063100000-0x0000000063114000-memory.dmp

Filesize
80KB

Download
memory/2124-823-0x00000000710C0000-0x00000000710F4000-memory.dmp

Filesize
208KB

Download
memory/2124-2562-0x0000000063980000-0x0000000063994000-memory.dmp

Filesize
80KB

Download
memory/2124-2561-0x0000000056880000-0x00000000568B2000-memory.dmp

Filesize
200KB

Download
memory/2124-820-0x00000000007B0000-0x0000000000A8D000-memory.dmp

Filesize
2.9MB

Download
memory/3856-5642-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5640-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5639-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5641-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5633-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5634-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5638-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5635-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3856-5637-0x0000024FAB560000-0x0000024FAB561000-memory.dmp

Filesize
4KB

Download
memory/3996-2715-0x000001F18EFA0000-0x000001F18FA61000-memory.dmp

Filesize
10.8MB

Download
memory/5440-2976-0x0000000062800000-0x0000000062813000-memory.dmp

Filesize
76KB

Download
memory/5596-3300-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3302-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3303-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3306-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3296-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3295-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3304-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3294-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3301-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5596-3305-0x00000138A8540000-0x00000138A8541000-memory.dmp

Filesize
4KB

Download
memory/5816-2697-0x0000025D35010000-0x0000025D35AD1000-memory.dmp

Filesize
10.8MB

Download
memory/6920-2542-0x000002C2C84D0000-0x000002C2C84F2000-memory.dmp

Filesize
136KB

Download
memory/6920-2569-0x00007FF90B050000-0x00007FF90BB11000-memory.dmp

Filesize
10.8MB

Download
memory/6920-2566-0x00007FF90B050000-0x00007FF90BB11000-memory.dmp

Filesize
10.8MB

Download
memory/6920-2541-0x00007FF90B053000-0x00007FF90B055000-memory.dmp

Filesize
8KB

Download
memory/6920-2564-0x00007FF90B050000-0x00007FF90BB11000-memory.dmp

Filesize
10.8MB

Download