b7d2c17e0038945aa4b72ae7a89e54d29b04ccc0feb62df5c9b7b67de43c2530

Analysis

max time kernel
599s
max time network
601s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
07-12-2024 03:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

backgroundTaskHost.exe
Size

49KB
MD5

8bde0ae40012bd639fc60e494cc32356
SHA1

422ae532bc5ee74b13ee0be406a62c706b81f7ec
SHA256

b7d2c17e0038945aa4b72ae7a89e54d29b04ccc0feb62df5c9b7b67de43c2530
SHA512

64dc6fafbe6ed242304d2df1c8c1581101bdea97290d7aaa26d5a465eb9145f8e31617f4e55d5487af43d9ebce8f4e39a997b37af808983f6a4ba75c05dd8a0d
SSDEEP

384:10ZoYK6BABHcYLWKGWydDBRJeHR9z37zk:1VBHRZad1Pc9zr4

Score

8^/10

microsoft defense_evasion discovery phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
3412	OperaGXSetup.exe
1968	setup.exe
3396	setup.exe
2968	setup.exe
1120	setup.exe
3172	setup.exe
4980	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
4956	assistant_installer.exe
3780	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
1968	setup.exe
3396	setup.exe
2968	setup.exe
1120	setup.exe
3172	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 52 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\G:	SearchIndexer.exe
File opened (read-only)	\??\k:	SearchIndexer.exe
File opened (read-only)	\??\K:	SearchIndexer.exe
File opened (read-only)	\??\Y:	SearchIndexer.exe
File opened (read-only)	\??\y:	SearchIndexer.exe
File opened (read-only)	\??\z:	SearchIndexer.exe
File opened (read-only)	\??\h:	SearchIndexer.exe
File opened (read-only)	\??\H:	SearchIndexer.exe
File opened (read-only)	\??\P:	SearchIndexer.exe
File opened (read-only)	\??\r:	SearchIndexer.exe
File opened (read-only)	\??\u:	SearchIndexer.exe
File opened (read-only)	\??\x:	SearchIndexer.exe
File opened (read-only)	\??\w:	SearchIndexer.exe
File opened (read-only)	\??\B:	SearchIndexer.exe
File opened (read-only)	\??\g:	SearchIndexer.exe
File opened (read-only)	\??\n:	SearchIndexer.exe
File opened (read-only)	\??\N:	SearchIndexer.exe
File opened (read-only)	\??\T:	SearchIndexer.exe
File opened (read-only)	\??\V:	SearchIndexer.exe
File opened (read-only)	\??\m:	SearchIndexer.exe
File opened (read-only)	\??\R:	SearchIndexer.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\i:	SearchIndexer.exe
File opened (read-only)	\??\I:	SearchIndexer.exe
File opened (read-only)	\??\j:	SearchIndexer.exe
File opened (read-only)	\??\L:	SearchIndexer.exe
File opened (read-only)	\??\s:	SearchIndexer.exe
File opened (read-only)	\??\Z:	SearchIndexer.exe
File opened (read-only)	\??\a:	SearchIndexer.exe
File opened (read-only)	\??\A:	SearchIndexer.exe
File opened (read-only)	\??\D:	SearchIndexer.exe
File opened (read-only)	\??\t:	SearchIndexer.exe
File opened (read-only)	\??\W:	SearchIndexer.exe
File opened (read-only)	\??\q:	SearchIndexer.exe
File opened (read-only)	\??\Q:	SearchIndexer.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\E:	SearchIndexer.exe
File opened (read-only)	\??\l:	SearchIndexer.exe
File opened (read-only)	\??\o:	SearchIndexer.exe
File opened (read-only)	\??\O:	SearchIndexer.exe
File opened (read-only)	\??\p:	SearchIndexer.exe
File opened (read-only)	\??\v:	SearchIndexer.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\b:	SearchIndexer.exe
File opened (read-only)	\??\M:	SearchIndexer.exe
File opened (read-only)	\??\S:	SearchIndexer.exe
File opened (read-only)	\??\e:	SearchIndexer.exe
File opened (read-only)	\??\F:	SearchIndexer.exe
File opened (read-only)	\??\J:	SearchIndexer.exe
File opened (read-only)	\??\U:	SearchIndexer.exe
File opened (read-only)	\??\X:	SearchIndexer.exe

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{80009818-F38F-4AF1-87B5-EADAB9433E58} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000000e408eed5748db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000011544deb5748db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-10046 = "Internet Shortcut"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-913 = "MHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000018340e95748db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wdp\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-126 = "Microsoft Word Macro-Enabled Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000005dae2e95748db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000271e7ce95748db01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9910 = "Windows Media Audio/Video playlist"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\My	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@windows.storage.dll,-34583 = "Saved Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-175 = "Microsoft PowerPoint Slide Show"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009162bdeb5748db01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000880e85ea5748db01	SearchProtocolHost.exe

Modifies registry class 6 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-3587106988-279496464-3440778474-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2600	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2600	vlc.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	4908	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	1968	setup.exe
Token: SeDebugPrivilege	1968	setup.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: SeDebugPrivilege	2168	firefox.exe
Token: 33	5136	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	5136	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	5136	SearchIndexer.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
4908	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2600	vlc.exe
2600	vlc.exe
2600	vlc.exe

Suspicious use of SendNotifyMessage 2 IoCs

pid	Process
2600	vlc.exe
2600	vlc.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
4908	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
2168	firefox.exe
1968	setup.exe
2600	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4220 wrote to memory of 4908	4220	firefox.exe	80
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3032	4908	firefox.exe	81
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82
PID 4908 wrote to memory of 3404	4908	firefox.exe	82

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\backgroundTaskHost.exe
"C:\Users\Admin\AppData\Local\Temp\backgroundTaskHost.exe"
1⤵
PID:1512

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4220
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1892 -prefMapHandle 1792 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4217517-e6b4-406d-8a33-c611cdae87a6} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" gpu
    3⤵
    PID:3032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23714 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {714aea8e-9c58-4f5b-beed-a9fe3e9d9e6a} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" socket
    3⤵
    - Checks processor information in registry
    PID:3404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3288 -childID 1 -isForBrowser -prefsHandle 3280 -prefMapHandle 3276 -prefsLen 23855 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {478b773c-5654-49ee-a610-d5a9dce5df47} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:1180
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3200 -childID 2 -isForBrowser -prefsHandle 3204 -prefMapHandle 3696 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {368cc4db-4f4d-43c2-89f6-9335708fb124} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:3988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4412 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4456 -prefMapHandle 4568 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b368866-3222-445a-83b8-8ba1b3b3751a} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" utility
    3⤵
    - Checks processor information in registry
    PID:640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 3 -isForBrowser -prefsHandle 5416 -prefMapHandle 5412 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ac1a450-1202-460d-978e-059492ca7610} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:4696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 4 -isForBrowser -prefsHandle 5352 -prefMapHandle 5360 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f01d4e08-266e-4c8d-b5ef-bbdf37869578} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:4700
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5700 -childID 5 -isForBrowser -prefsHandle 5776 -prefMapHandle 5772 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7c51e749-c148-4bb7-aadf-198cd4a79d44} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:3612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6244 -childID 6 -isForBrowser -prefsHandle 6236 -prefMapHandle 6232 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1304 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cfcf552a-6ebe-4ff5-a524-bd5f805dd67a} 4908 "\\.\pipe\gecko-crash-server-pipe.4908" tab
    3⤵
    PID:1960
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    3⤵
    PID:4772
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe"
      4⤵
      Subvert Trust Controls: Mark-of-the-Web Bypass
      Checks processor information in registry
      Modifies registry class
      NTFS ADS
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SetWindowsHookEx
      PID:2168
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1824 -parentBuildID 20240401114208 -prefsHandle 1752 -prefMapHandle 1732 -prefsLen 20321 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00cced33-2384-4942-b82c-8cc5a2277c16} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" gpu
        5⤵
        
        PID:4836
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2172 -parentBuildID 20240401114208 -prefsHandle 2164 -prefMapHandle 2160 -prefsLen 20321 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e81f843-f4f8-401e-ad5f-9054269267ed} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" socket
        5⤵
        Checks processor information in registry
        
        PID:1368
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3568 -childID 1 -isForBrowser -prefsHandle 3540 -prefMapHandle 3536 -prefsLen 25714 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {455d9719-aad2-4118-a0a7-d64009d1c1b0} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:3084
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3912 -childID 2 -isForBrowser -prefsHandle 1288 -prefMapHandle 936 -prefsLen 26534 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38a0e2c1-6013-42b1-a9be-84c9b5900382} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:4056
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4092 -childID 3 -isForBrowser -prefsHandle 4296 -prefMapHandle 4292 -prefsLen 27784 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {852bec91-e736-45af-813f-065391a9716c} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:644
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3172 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4828 -prefMapHandle 4824 -prefsLen 33533 -prefMapSize 241207 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18a0719a-d94b-4d0c-ad0d-6bce0e7c67e0} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" utility
        5⤵
        Checks processor information in registry
        
        PID:1312
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5652 -parentBuildID 20240401114208 -prefsHandle 5620 -prefMapHandle 5616 -prefsLen 34368 -prefMapSize 241207 -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d1ccab-c509-41bd-8cae-748e94aee457} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" rdd
        5⤵
        
        PID:4380
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5440 -childID 4 -isForBrowser -prefsHandle 1240 -prefMapHandle 2952 -prefsLen 32796 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aa740b0d-7695-4520-9288-753077e1e5d6} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:4908
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5476 -childID 5 -isForBrowser -prefsHandle 3800 -prefMapHandle 3784 -prefsLen 32796 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {61d3988d-a0bf-4bf6-98e1-f5ba702f4b4b} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:1000
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 6 -isForBrowser -prefsHandle 5840 -prefMapHandle 5836 -prefsLen 32796 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb35fa81-e8a7-40e9-a805-e91e405f9fc1} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:1448
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5108 -childID 7 -isForBrowser -prefsHandle 5100 -prefMapHandle 5096 -prefsLen 33313 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2445d4a7-b3bb-4816-891d-a6ae2cbeaca0} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:848
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6628 -childID 8 -isForBrowser -prefsHandle 6632 -prefMapHandle 6712 -prefsLen 33313 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {477085cd-bfe0-4d64-b221-fb495c7a74fb} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:944
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7000 -childID 9 -isForBrowser -prefsHandle 6632 -prefMapHandle 6964 -prefsLen 33353 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {634c8692-d2f6-4551-bce2-ddd10ff4d048} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:4592
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7136 -childID 10 -isForBrowser -prefsHandle 7144 -prefMapHandle 7148 -prefsLen 33353 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52bdb2c6-8e00-4a18-bf50-bc66d84c5a81} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:3220
    - - C:\Users\Admin\Downloads\OperaGXSetup.exe
        
        "C:\Users\Admin\Downloads\OperaGXSetup.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3412
      - C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe --server-tracking-blob=MGFlMTM0ZTljN2EzODE0ZTVjNzNmYzJjMmZiMzFhOGRiM2VjNmExMjJlZWEwMDY0MGM3N2NmYzUxZjY2ODUzOTp7ImNvdW50cnkiOiJTRSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1kdWNrZHVja2dvJnV0bV9tZWRpdW09b3NlJnV0bV9jYW1wYWlnbj0lMjhub25lJTI5Jmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZkdWNrZHVja2dvLmNvbSUyRiZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPWR1Y2tkdWNrZ28uY29tJTJGJmRsX3Rva2VuPTM2NDgwNTQ5IiwidGltZXN0YW1wIjoiMTczMzU0MTYwMy42NTI2IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTI0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTI0LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiIobm9uZSkiLCJsYXN0cGFnZSI6ImR1Y2tkdWNrZ28uY29tLyIsIm1lZGl1bSI6Im9zZSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJkdWNrZHVja2dvIn0sInV1aWQiOiJmOWZiMjQ4ZS04NTc2LTQzYTItOWZjYi1hYjRlODI1Y2RlMzMifQ==
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        Modifies system certificate store
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1968
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.248 --initial-client-data=0x33c,0x340,0x344,0x314,0x348,0x73fb6d4c,0x73fb6d58,0x73fb6d64
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3396
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2968
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1968 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241207032015" --session-guid=fb1ef1fc-814b-4cce-bf7a-2891d806f905 --server-tracking-blob="MmJhMzM0YWRhMGNjOTlmMTZkYmMzZWFmYzRhMjYyNDQ2ZjM4MGUxMWRkMjZkZDQwMWQ5OGUxMzZkODAzYWUxYjp7ImNvdW50cnkiOiJTRSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1kdWNrZHVja2dvJnV0bV9tZWRpdW09b3NlJnV0bV9jYW1wYWlnbj0lMjhub25lJTI5Jmh0dHBfcmVmZXJyZXI9aHR0cHMlM0ElMkYlMkZkdWNrZHVja2dvLmNvbSUyRiZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPWR1Y2tkdWNrZ28uY29tJTJGJmRsX3Rva2VuPTM2NDgwNTQ5Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTEiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzMzNTQxNjAzLjY1MjYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6Iihub25lKSIsImxhc3RwYWdlIjoiZHVja2R1Y2tnby5jb20vIiwibWVkaXVtIjoib3NlIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6ImR1Y2tkdWNrZ28ifSwidXVpZCI6ImY5ZmIyNDhlLTg1NzYtNDNhMi05ZmNiLWFiNGU4MjVjZGUzMyJ9 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=5409000000000000
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:1120
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.248 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x719c6d4c,0x719c6d58,0x719c6d64
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:3172
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4980
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\assistant_installer.exe" --version
        7⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:4956
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x574f48,0x574f58,0x574f64
        8⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3780
    - - C:\Program Files\Mozilla Firefox\firefox.exe
        
        "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8116 -childID 11 -isForBrowser -prefsHandle 6888 -prefMapHandle 1364 -prefsLen 34373 -prefMapSize 241207 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {059348a3-e474-47e7-8904-d2f870c56167} 2168 "\\.\pipe\gecko-crash-server-pipe.2168" tab
        5⤵
        
        PID:2644

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:5344

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:5136
- C:\Windows\System32\SearchProtocolHost.exe
  "C:\Windows\System32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:1944
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 832 2592 2584 812 {0E5DCEC5-7795-4E38-9621-94DFD9F9A421}
  2⤵
  - Modifies data under HKEY_USERS
  PID:4056
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 832 2616 2620 812 {85EE815A-7738-4808-A14A-3AD87E32A3BF}
  2⤵
  - Modifies data under HKEY_USERS
  PID:4368

C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.469_none_8c502cfed26c810b\TrustedInstaller.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.469_none_8c502cfed26c810b\TrustedInstaller.exe"
1⤵
PID:4296

C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.282_none_8c338754d2830d3e\TrustedInstaller.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.282_none_8c338754d2830d3e\TrustedInstaller.exe"
1⤵
PID:5036

C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.282_none_8c338754d2830d3e\TrustedInstaller.exe
"C:\Windows\WinSxS\amd64_microsoft-windows-trustedinstaller_31bf3856ad364e35_10.0.22000.282_none_8c338754d2830d3e\TrustedInstaller.exe"
1⤵
PID:944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:460

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Desktop\GetStop.m4v"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\update-config.json

Filesize
102B

MD5
7d1d7e1db5d8d862de24415d9ec9aca4

SHA1
f4cdc5511c299005e775dc602e611b9c67a97c78

SHA256
ffad3b0fb11fc38ea243bf3f73e27a6034860709b39bf251ef3eca53d4c3afda

SHA512
1688c6725a3607c7b80dfcd6a8bea787f31c21e3368b31cb84635b727675f426b969899a378bd960bd3f27866023163b5460e7c681ae1fcb62f7829b03456477

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
ae7e38d252c3d4941f2f8922ab2b0ff1

SHA1
f4b98dd0ce46d29b60e2782427ba2d5f495fcd4e

SHA256
9594787cca82496ecda908d32a7d91d6144a28c72772d9483c32bdc6f10b6627

SHA512
39678cbe1a6c63554fcb2935bf5d8064d92b9e1eccec78885a5277328047e0f92ee45e8f05b3944ee3ec03658e7b0d6bc1fc70b53d0d3c09b961cca00f6ed13e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\0305BF7FE660AF5F32B4319E4C7EF7A7B70257A3

Filesize
13KB

MD5
5af60e39d39b246507127fd1a225615c

SHA1
c219b9464d9a98cf3262f05c4b4b280906feb8bd

SHA256
04a0ecc356715ee563a67081dd84d629955ffebf6808a02a6825f5f8112674e8

SHA512
d2a33c1868ab5387973fb167010cec2354fd4c10ce06c4ad31f43cf324cb5399dbd4dbd8923603f554e94dc028b2251bc0d9a261de97c30dc2c570c353cfc23b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\14CF59215222F5621909CB5E4C4C28F10E716116

Filesize
9KB

MD5
17de96a39b77dbd7e2bca2b3bc555b97

SHA1
d60bd63abe1de60ab45e80e1615d18af2fa08832

SHA256
402de6be01ea30d4a04e2e0483412a5fd5d7688fae99a247dc165e23e963f9ee

SHA512
d81eb1e5e619ed75b8f1ba396c91bd4091d81ae48ba726a338a3b97dce8b1acde6f3d28cf3902adbcab8cf3644312c5cd566d52fca272d7539bd5775062587d2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\254256B27E0C48CF9B80B695F0B3B8CA84610495

Filesize
9KB

MD5
062b69241ba354f59adae14daad25dbe

SHA1
5a6b7192538ffc706c44e776e21859e76a978cc5

SHA256
55ded729ae634fdb919b965654362be73562c695b194a01497924d17aec3787c

SHA512
026da062b33621e9046751726e30d23bc7436f2f7668ccc1dad1bb07feb5fded4a4722fbfe9259339c24edc941107e47f3f2560b2854fc80f05fe60137f93313

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\31CA5C8EBC711251C7C439DDF16E5BCC2AB3F3A8

Filesize
16KB

MD5
5904282f68e86f572483ad191ff6b780

SHA1
68a88c5ddb6eab619f96248742dee7ef7705c648

SHA256
9bb848d4699861c2e1be7b1a6d6f2c094e21ffe8d91cb9df8c7f3f79eba659c6

SHA512
b6d79534c123f4120026fa42b67a76cd0534aabde72ea40788456029b3d76bb6d153e17e111e1f477fe55a1b71237068a1df242b194ae1bebb4e865967333c27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\37373F56CBD822F5FCF64BA01E1320A0924D8460

Filesize
24KB

MD5
38f18d3d91ffe6a7eff7d0bfd0910086

SHA1
781068a65d5d206b15ba32dbdb4da0b5665ba344

SHA256
af60b8ca7e8cb93693789f31a0056859723dfdf2bebd08381ebd98e3b08c8715

SHA512
dcf6c7045ea88eb65955031d90258d1d4e8e6f79013bf597fc47bacc3881b6d32d90bf33c3bf4040ca804b773ef8a6bcf76d00a232bd39ab74544b844b95e640

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\6D89348819C8881868053197CA0754F36784BF5F

Filesize
14KB

MD5
fd429029dee861aa6f6e00afca449465

SHA1
40e43ca09a141f98a6e6a7136fea6bae9546a357

SHA256
e0e7421ca12835262cbfd673150f9bc48c48c8ce08053ec1f637f96ba4ef9468

SHA512
a878ba49ddca253d7bb392babb5a859c95c5a2634c798c463a2f48c48d0522b1ee8fcf5cc857fe7a38fb52de0474345de4fb3f3d73ff393900e8d9e3108f9f9a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\7BFCF32544F467F973AF267DF4EB4842EDED0C1F

Filesize
16KB

MD5
54fe6e2aad4658b161adf2c9f2f73c74

SHA1
8c288f348bcd0fec4c7b9d6597a2f5179d5183e9

SHA256
818f4dbe221bc634298d71d65992115c010b41946949e9d06d5b13534e99e3bb

SHA512
8f80897c9ed77147a68303d6f2ec81224f94aceb9e079c9819243ef7db7f75281d69e01eb01b10797be9742344e64d95ecfe88cd1f31fd0a27339921cf36d604

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\8540EC873F08CBAD5DF5121BD3BABF95624B4A14

Filesize
10KB

MD5
1e18970f9ff6b26100c0b8be4830eceb

SHA1
13defef1603b8330442cf12d7542dff9371c29c4

SHA256
e3097c28feb55e9b0aab28de38317314fe5b554f7d018288eff041e7cf46fea6

SHA512
5e250279c7214f45cc05f4d263ade5d1e342075c08b05c142b70cc40c90f25ecd10d2a54241cad4f04a2a6bb540f5732a4815162bcb31277497fd75520705d7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\9FC8C85689D31525EACE26158B83B464F43A027B

Filesize
23KB

MD5
b629a8393847235f07ece6def5d0036a

SHA1
83aabdb3c197dab3732575bf4f59e39740a6bf17

SHA256
4e35cb00ace31d64ce83b7ff2c9c5d7e34e8a8151efadf02caf837579c7037b5

SHA512
5eb0f48367105930138802e21c43009a1531b930b0126c31c65ad621328c828e22eb6add174d0d4e03313b43bd096dce6cd5b358821bc5642986e8f75950d6d6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\A97502B9F2DDE117F628379FDD9D73CCE963D92F

Filesize
8KB

MD5
8da57ea6a2ced683a9b84b79c2bacae6

SHA1
40c17061819abc348c3a779d6772016b2f028293

SHA256
8567027fde49cabeb143c717bf986fc246c0317f38fcd8b757b47465023e9998

SHA512
44f8dd7b8578b096b24decebe9d8351de8908ce044866d5441285ed02009c4029d267d9e5ed2faea72f1ec5c055998391a70afc5de1d1902648200ba8f368765

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\C500E8C3949C9252B3999969CAB31B7432CC6DA1

Filesize
224KB

MD5
7fc38f7c4db311f2a330d3592b599f5a

SHA1
94ba5ebbd6952ac6f572c9d0b4cedf002ebd4445

SHA256
9c0aee02af603c67c11a51dca9a95dcdc9bb36d00b3568a4497669b15cf1df46

SHA512
d197a1ca168dad4087a1de87c0c1ffbfe4315a26983109f069675c0cc680161f68094be780919fe8b7cd171f925f66bfae652e849253183440c691d547124e82

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\CE30F9E7CB4E0D8AEB054228E581960CC2812E48

Filesize
9KB

MD5
653589216295e14c678603061b90614c

SHA1
aebe7b00502b1ba4e4f3e70bf17c475ae76db742

SHA256
aa659475269f691990302d6f84ed6dea7e55e3f90b6d36b4d59832468241585a

SHA512
d52f76b7a0abd83e115f1da829035a74bb3b4ed209ed59e8efa77c4f7537be1c7301e43dba7932191ec7248c5deaa969e86bb5eb5883d59c427df5136a71b0ad

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\D0F48A0632B6C451791F4257697E861961F06A6F

Filesize
129KB

MD5
f3f2346bb7cb204062dd2d2e14df52f7

SHA1
a2cc3f652d4bc32b0b11371d723787498a95737a

SHA256
500567e8fbe2a1809de031c575ffb8433f8e90e390e318190367e419f229d937

SHA512
d1d89489500ac81cb17a382ca8df8f684a9d687f8e8804f9006d728f465316a26e31d7452c3bcb8eed7a2a9f9230932aadabc0482af528e57fc8444a37af57ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\DC904F6FE13AF2FDD1A89E5DC2045B0E5EE12A27

Filesize
224KB

MD5
20991056d1bd3e17131eb579bd0bfe3a

SHA1
133c4e272e0871e8902668260e750e656294ffb9

SHA256
b5121d8932deec47a3fbe1653c9d96be10a61c8e9958f69740bf04f430f2d4bc

SHA512
e2cd64e5150c1a2811e79ec46127b7c5d55e05fd76aa5b6f2e6e1435507052e26883e81bdef483d07a636854bbaba84b3842bc2dc6b245fdacf0ab5386857961

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\DCF5AE47E64066699757FB1AF7070061E1C6DDB6

Filesize
9KB

MD5
cb27e177ebcca8d1079129043cc60cdf

SHA1
72969db8432c2fd4f06a42f91ec6b33597bbb2b1

SHA256
a5cea6b7804f3a10e5abd2b3241c605e5e2e371ea41060ec222a7226532deafd

SHA512
946fd5378a45fd5e549fd433e2bcec4f0da9bfe3a555c3d7be5ea3fea816c9225dac0cdf735c3a00764e6c70ee085f8cf2488b8d6bc21dffd12e4f6c9b7de6de

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\DF88F41E5DAC45B039B785901EE8352DCC6CDA96

Filesize
50KB

MD5
ab033229a5c736563c91ac1bb96b1e6d

SHA1
75313ed5f606a22d5a4c0b4c2f85e40398306623

SHA256
c80e444a916301ac3e41716429877423bf948bb9a80758e75429d46509be9242

SHA512
bedc8b842ac0e4f519a521dd1581967c9f3c14a26dbd84534c5af9ab4382302c8acea147e4add5b8a2b34845b28cebed8ba396ffac29d7266516e756384cba2e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F18D85F52EBBBA2AB081EF739ED0D6E8A76D497C

Filesize
298B

MD5
f3b9df5c77c2227b5eddbaa2c7435623

SHA1
058fa0e0b95f2e40548f4885a53b5689ab322ca7

SHA256
b608ec853ce83027df0008a6a176f61acf80480e18a02f1ba3e138e33abefb50

SHA512
21839f8815dbce2b50364cdf3650bca071da40e1deee1b1b9fc18ff16d1d0cf52a415e10f4e6cadd8bf86a4350dbc073d5acdab0c37ead5ada7423c43d2bbde9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308

Filesize
9KB

MD5
526cfddc4755e4cbebde3bc9c66dc8d5

SHA1
ad8432b94a4e4522ea131d9f9ae98e6cda5c1681

SHA256
b456749e29d0bf43c97fbfb1a73c524d83b5c4318090c0af3d0cadd97878699a

SHA512
d9eb465c27ffcfc6178baf620de6d9845c4c418b6ab3f1682b6c21c6c67ea8011878ae3937a903a0cb576898e71e23a72338242c24a0deea674b12a53fb66df7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cache2\entries\FD3C8B7B2C5FC530AE8D3FC8050677579C3D2E17

Filesize
10KB

MD5
7eef00cf028365fe8109f1018cefb1de

SHA1
fae2ab3a16964c07b29f4987ff79c09728eb7788

SHA256
a6679d2fc34f2cfdbaec9d0aaa60d82b26460502f162d82bee50579c511c7bf0

SHA512
03321f069fb6cc0750a808c8a378d1fe282ff1b798fb63c49ffa1dac96ade283ac92d31e906f36fc359dfa9c18297f29974585cb4fc4e73744f2f35c37407bf4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\startupCache\scriptCache-child.bin

Filesize
705KB

MD5
19bcb67b36d0284fb32873aad9382b44

SHA1
c2ce4e7798ff2373b2b576ded609847b5a472a70

SHA256
df3d383cba8360899ab4f9799f60b21d13514f32d5c5676a94fa985b501377ff

SHA512
0c19153c37e4fbeda74b0e32786a6fe99b2fab6c9691843a569f8613095e72b9d8c5a1128dcdfbc6c236dce4e5a514dce3c96ec17f22d4643120c7e00723fd1b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\startupCache\scriptCache.bin

Filesize
8.8MB

MD5
97033e105f3f3dea13abcc97e7eeb96e

SHA1
fdb1ed743608c8fbc84eea31779eecfac5fc430c

SHA256
9ef4499c0bf8efc37e07a98b26d07b1c27a4ecf0a20468f20317a892846cb89f

SHA512
8d568e6d56b9c61734ab53dc8cfe8901eac2f3b320277819c4ae0f5c3fa9b9c4154668722cb74ace4ba6fcd29fdea4928d29eb6a13b009f3d9807cc2da3fee5d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\startupCache\urlCache.bin

Filesize
2KB

MD5
8f75b0d1a142c9ea6a181437c674f37d

SHA1
fcefce1d1271d8518e35c0d9d412953f7f911a14

SHA256
dcf4e286693e6a7f50dba9026d8c30918e3e8d611249e6ea41b777806b7cd90e

SHA512
c20dbea517e59ed1ec830b339a7dc244dbe43ebf5223b055b7c056b7e3ecc12e1c1e7dc9f931d5d64d42e3e333ac1f7c951923544a1f5a25ba9b69ce844c60fe

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dfn8djy7.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
2c7f20389315565ba532c91ceda57668

SHA1
e174329b28a048e2d4459dfe5bca474d9357292a

SHA256
0e31235ff7053f949fffef94d1c8c378d7d2c00e2c850123a6c6a7f42201326d

SHA512
ac92c90d10e0ef7cdfeb45946e135b138245c21d230638c838544a6a3ce4f5ee7655c438662b446023d509f6fca22b31d00a2197a57d15526f5d1e8d804be45b

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\c1077674-1094-4e31-a2e3-bea64d199c3f.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202412070320151\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45DCC4B8\setup.exe

Filesize
6.5MB

MD5
6c3a823e4c0ff48ed24431a455d6513a

SHA1
6e5600d2314c99fe9f0b1f12c0f521ea76e1067f

SHA256
c12104c803253d07c095b6a224326020df79c768e2fdd50729d94e7bee1055cf

SHA512
26421c1654331189453e3241d163b804373c4b5138523ab773d367a867b821743ec44b2db1de5bdbc5a20bf9e5a43f005fe898f50d1b3d99e18937de16d48af6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2412070320150061968.dll

Filesize
6.0MB

MD5
2502d702adfde5217b943de71c592ae7

SHA1
eccfbab82cf199e4c0da616213190512c3174b41

SHA256
c0e0a2b8bc054f73cd150ede40bc0aaf02fa6afc12c44a9261d32ec72dc6a74b

SHA512
ad53d3935f98d8e4e0a69fb796414ab35d4c1b70f876776fc669f18cfae3cfa36ded8c83c0c66c0eca11e224165a94028074cccee404b8593de3fa262f433df4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\96SH4BUMFS9K6RC39JUV.temp

Filesize
16KB

MD5
ad33bddcb6303ef53ec5f40ec5f71c38

SHA1
33195e69d88cb0d52511d87084f7e46f06a7fb02

SHA256
91e11ee9d9355981d6da88df87f90b885cf15537f25a0592887c70e8f508eb37

SHA512
65a3a978049415aaba292486ba6b82cf6734927d4b3a9b89b28b963c9fe22005f5ec0b20f9d110b399ceb5ecd2912b40be6d4b5382618d181b87c8e64ba9c940

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
8KB

MD5
8c796179888f5ce6999c468e4475dd43

SHA1
961e014832343e8f9e61a50827940a7ffd18b5f4

SHA256
214c49a5cdab9cf3c04b2d66fd4e3d5aeb4b840126553d2938e6be09906ad643

SHA512
df471fa9f2c0638dcad45cb3ba2a3dbdb0dce3bb82f142da787bb9f283dd524db6e46f2ca8ce29f17c0c13b3d98462cf99a12d41a8da6ba32b39c44e54a83ff7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\AlternateServices.bin

Filesize
10KB

MD5
d78ac16bcff86529406bdc80c0958dd5

SHA1
82716bcb3a02316c69339edd8ea31eb8f2787cb0

SHA256
6c0782fc1ff74ec6ae425412f7ca18acb3be810ab5c13cf934c2678b1369de3c

SHA512
8378eb2cbe1446a1ee7e8945ecaca7fb145695389fc38d4a9b4125b3a9e6c82b8b519930d976629f0f63810fc7219fb41be76ed87b00cc6aa04c02c309346e9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\SiteSecurityServiceState.bin

Filesize
1KB

MD5
cdb4bf001641e650d073270aa92d7b6c

SHA1
650261595f2c641eb3fcad4fb60b754b2e9616a2

SHA256
aff82211dc48a3948f95226ada99b4b8df16bf979074045a9a24b081dda0219e

SHA512
81c50f4ad194be9f8686cdc4278b56b4cc84a7d361d85f80c473d57154ad774c6c17a11fe5beb54df74b884ee496c78f33233b9982684b597d327a2679730a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cert9.db

Filesize
224KB

MD5
193a4fcc7d584ad6a112aea31efe355c

SHA1
cd223b9d88f46ab491cdbcd8a322f6a339a92458

SHA256
2101fd1971d81fbcb58efe945ede4a790a2d2c0d6d1e50a802143c8c68a63600

SHA512
e0651302b7f747fd69a14f073689b24129cd049524917eb9c8e14f3b082fe5f5e48a9edea276495513a08f68cb5e0131e6c56473497a3611cb26fae8152a0a23

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\content-prefs.sqlite

Filesize
256KB

MD5
b5acd9cf58ba89e643e7b2e839e0707e

SHA1
82c2b9cbea4acb50b446b786818287be7b0b8b61

SHA256
4d4fd87f1cdccc9f826ab7de2b3980db6fe4ed328f079ceb24f680557da9667e

SHA512
1fdaf5173a2fa956e3793b3643b44d928a4c81a1599bdf4b057396bfca5948ce1097194dbb5f528959c8cf4e34d058922828236c6060b41510e9ea2cb9ed424b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\cookies.sqlite

Filesize
512KB

MD5
cbc727c209865e317b3463438eeb72a9

SHA1
fd7ff46dda6ae0207c94eaab5536242c45d77033

SHA256
02388717c86a0658e160ba8f95c682d3a305c0f3f8f12b9d9832b08943148213

SHA512
4613baa5d4e61030fa1445f0c877b6c6d914d5a7a37cece9c720c592a34322dae15ee4381f5e925d97134311d2dd31cd9a726fd32ac3b1973511424009fbf2fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.bin

Filesize
45KB

MD5
e3257b2e04417f6032c1963b48f36707

SHA1
c40a31ea3fd233e151cad1de61ac120fb2bec2e0

SHA256
32d601b67736e85c9ffa81759c7fa97b6780a97073615f389cbca393eb604a36

SHA512
4b556f3d84ce6a281406248c8a1212ace87a7d22104cdb02bb061544d914129b8c1e2ecdd417ec65afe5db973da656a9980ca5ec9db40761efdf403ba585136f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
561b732f5b9c7c92e0a5f6245dcd8b7d

SHA1
960afeb7a81fee3b04b0a45f2f91e55239d2f460

SHA256
9a06050ea4ed5cc38c8a6129bb5c67dcb8cebb228674bf44e7634e83021cd817

SHA512
c55ff0e20b420018a586d0ed3d882afa2eabf78cdd8ce939386fe0a06f635dc795dc8dfa7a22caa15c575d2a6400a6961aa23da40b23524dc981aa9ab6269e63

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\db\data.safe.tmp

Filesize
22KB

MD5
3492fb7c6da8df7962bf6e37413fb9eb

SHA1
972b263686493bf8267c74b95e1c27e8bbb51345

SHA256
c4db324b20fa604f15ac028c29f72a3f3d6a876fdc3ab33fbcffe21a64848507

SHA512
f8c6ed6deb5e76a408b924eb9e9e8c11f4b87648b9749771a23ac5c431820ea9a0cc49dd0f871fd19fbdcecc73fff99a695b7b9a432927d068d2cb0f6d905a8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\events\events

Filesize
933B

MD5
35988a123a8ba5a906304867b8dddcdd

SHA1
a8040613917dc543c65e732880b2196a19238c22

SHA256
aea4a977d29f6f62447e9e500cd877d3e69034d3f23674cae14decb5cea77be8

SHA512
a9cac8b898887f7cbe9806091ab4741421ce7e399dc3745d57be9ed2261388bc9fc6e36c76ccdaea13b16ae2ab32ffee950e69171144106bc38a623bf523f512

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\events\pageload

Filesize
219B

MD5
6faa1733dc4be0d6238c20d557d807e3

SHA1
9d57e376d81bb7d18685800199caa5f75e51625d

SHA256
fac741ce5d241b9210514b05f1819eb0969446539efa0435dab80654f2071498

SHA512
26787c22bd482fa964c53732230152a9e30225b5470cbfcf14b245dcef59e475d9a19ea0513b9d0f21871d0fc603578dca8405541d76439e081e555a4db5c659

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\49c60ea5-609a-4f06-a757-1f8c67c4d300

Filesize
659B

MD5
400b1935c7a9e02c545e9d5fc2e2aaf0

SHA1
ee6bad4f76abcb91db5953b6f101b2f939146b25

SHA256
571e858e7ed7555984a3ff5584b73d90c7a35947d6adabc6b0c0fb9f61ff65fc

SHA512
60ce3facd978246643c155455edcf9513eeaef8fdd0ee74e9eddb3f23c02562abb7fe6f2b3a44261a7e4de29700ac85dcae22ace753985572f7e74a890b1a2b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\6199850c-84ce-4546-b00c-de9d38acfd13

Filesize
756B

MD5
df061a9b75ee1c89c3e86f1ede7a1c3b

SHA1
328d3c41c6f9c1c7a269823abbb10c3620fceafb

SHA256
04526ad1ce7f87cdb078220c64b31298f67a39b731ed3b2ea5c9d398f24451b1

SHA512
d82954905c8f4f1641a35e99aa0c8f56c61d24bf25637c1b750c2885bb8f8b18eef7ec83502139b26446bd62b6789332a14e246fa10f43c3e665194cdb78e1ee

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\datareporting\glean\pending_pings\e38136e3-6ad9-4557-add4-3a6b138c3148

Filesize
982B

MD5
c645aef49ee55e3e3ba17ce9ef50f97e

SHA1
1b2b3568fc9382f6f90999fd3be44040c74bc6ba

SHA256
8e0507eb35d1d5ea265897290293e483d65a7b0af70baddace7e0e216f86a209

SHA512
ca607debf89501cebafb36d8303906e6db9324e82921079c518f049d53806b93de4c595bb5a59800b8a088effa00b57e81a1fe0ace37fc1707a2ab18fcb39a82

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\favicons.sqlite

Filesize
5.0MB

MD5
bb5159c51434d088570611967171c541

SHA1
2c98a0796e81daf7d9d5f96526164b3df5eed54d

SHA256
f3e41a12fcd4b7a717738dfeb44f54f01dbd258d27d664b97f6cc0c3f982a302

SHA512
7f15936f403ae4787a57712326df01b14f32c850d14b830b4fd161d628c96ce3bdb77b7ee337970569b6469c7b1c11c4ed8f226eee308b2d401625d5b0c9c038

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\formhistory.sqlite

Filesize
256KB

MD5
ac1acdbbdb344f36a46bd876a2546dba

SHA1
841abc1495785ee33056dea513b7c87d718f9dbb

SHA256
7a871dfb5c4a3303de8dc34aa5756b3b68d070967116c66f400eb98ce89122ce

SHA512
8013b2f60609d954437fd747931ac669cd16a4c9348af22db7815f2b752e6b0382933d890ebd4b86c60be2d6b2eaeb2354cdf929b12c7b7fc8388bf1c03ceb69

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\permissions.sqlite

Filesize
96KB

MD5
1ea616b8d063fa7cf1f3070f404203c1

SHA1
4793330a5c87c57731fd4ff2441cfc02f82e9a88

SHA256
a1b000ce36ba0640b4997a94fdd34a89295298d4e8c467ce2e86796179e40381

SHA512
c9095cbaf77595543be5506fbcb8894618174ab308fb3e432a55084db525c62a4b88bab18980178556839deb75aa36c14565009c2fb09df9f0ebf2ded14f084c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\places.sqlite

Filesize
5.0MB

MD5
782aa6fc34b02cf9f4e2a9993413ab61

SHA1
3a197dbd0251e446ca0ba6f3ad907a9a2d241ff4

SHA256
2494a12a9307b85ecb7c7299dd6bc375a15676837a112f84a88d401e1412fcdf

SHA512
526e33fff94e0d8a2c2f7328a4febe51ab7c72453dd9489a10302883a3a83d2fade7ff9bea5c9f3eb300d465a3411950b98c92fc0c1efae3b0551dff60804b22

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs-1.js

Filesize
10KB

MD5
584acf9baf377f47c153596c46febed4

SHA1
8a9b7d2c5c0427d31942966a3d64e24794ed0d17

SHA256
dbca7f13a534d809287680ad385fe4c0670f36824a0d0b650f0f5c24c79946f6

SHA512
c95c6169b56a7c5f811d3b851917b431fd11904ee5c97930eab38f78b5125cc8dfdd9c346243b1a9b70ca214b8d3a8ea4f93bf35b187bfb2f34a357d7b69432f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\prefs.js

Filesize
10KB

MD5
5af20f381ce499d9070950171e1b3767

SHA1
8b2731ec2ab8e0a9820b8363fb3befdfabaac89e

SHA256
ad76412e9e5589348f377ae422001db4430a207f9381b840f23f43551be4a4ba

SHA512
ca88c0cf3aa6ddc1797ab0f5aa1214ee1d98150361732577ef50f67a248a111842a643c71f95427ede20bd7af8bcc2365b57a09469000bfd05cba1c47877919a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\protections.sqlite

Filesize
64KB

MD5
d7e5433a87ae3a30de4ab9adc47023bf

SHA1
4edaec48083abd90bc532ba8dd015fe209b0e439

SHA256
c2da29c9c40900e9ae211f9083849b86355850faa503062d14ced549563f273e

SHA512
9b28c36dbe02dff99519fac684c8cb88b8a40b06454524ebf79e576bd22cd94ae0eabb2655aba32bc118767f645d4e12da06764ca5d73c4e42fc2c2e0c343961

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
311f53906329dcd8cfcca544cb88285c

SHA1
6526d9dcd0053a5aaf337953468950cc9bbbec7b

SHA256
f7ea0e5c0436ad95f0044c9a0145f6389c7e644f99ef902fcae5997898ad2751

SHA512
3fb94ec942ebdcb108a3a8aa71d6e3ccbce794b4fc946fa8b11a9f1a20cbfa2d50288480bc07554b501847a49192337824f2ff80bce4f931836f2d24116eecba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage.sqlite

Filesize
4KB

MD5
f467f68cc1639f868bfc7105089a62d6

SHA1
2c99b7bb61eb6d6d732837338b341e99104c6185

SHA256
b57a3dcdf8c9f0072a726c24291fff51d51cbfcd3141dc6b39564954fc8ac8bc

SHA512
8804619da024f445d65853d34dc191f423dbfec880842e0f5933878e492c39c0452760bb2452ac125c9ecbf8228c2bbce77e79dd16d68285e7acd31baf207768

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++www.google.com\.metadata-v2

Filesize
52B

MD5
f551ed17658204f1d19558d441ef7946

SHA1
c386ad23bfbd381472e4aecbe12f8af6962161b4

SHA256
87f41d29ee656f57dec006ef4602aef41557ed35a3465f415361f6d81261c4e3

SHA512
0b74e8aa5134293d0e3e5ac2f5ec345dfb1acf269f4247eb931a76af7ac7724d37cbeec9e915659f352e4f40654d95ac86d303a1d06d2f002dbcfcbe18540b7b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++www.google.com\ls\data.sqlite

Filesize
6KB

MD5
6223d20d3d069472892928a2505ccfc8

SHA1
13d76a605d34be15ebb6c57871f9274639d38d3a

SHA256
a01a01e8e2688c81cd2b8edd9a3c4cfb76a5daca190cd80a4ecfe27ed073cc56

SHA512
cdd4b1e98e7660a266437de267763dc060868839a84f4e2a4e283e0eadd09c200b516d1335a073cf9fc6831d9c418931a7af2bb21d6861d528757f47d85bb409

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\default\https+++www.google.com\ls\usage

Filesize
12B

MD5
cd4a95a318587ce800fff845aa75b8ac

SHA1
613272b60c3a91a9b5fd7b2931bd295a95de30f6

SHA256
bb7fc74d8df01e39a792fbf2da0ac59f40379afdfb83485a235890a50d218c14

SHA512
6a08063d1381425f57ade714614d316fe0eb054e170c1771b36bfdbfc326a173ae61863b7769935b456d0f5a81425ef9f2c706915ed621bd867d5eb783a0e7af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite

Filesize
48KB

MD5
d288d327802102302e645754383d1356

SHA1
ee776c694d5b09ac4e783f27bbaa9be63c98fc7c

SHA256
b877a6d60014a2ea9bc9303ffda342fbe8c4818e64ecd07706966b15ce708e2f

SHA512
26ba3184a2b713428b54a1ea9b73e32609d5ef07a28dafee5028c80b967783ba3d94f6af3b9f28b5d879ca4a4fc9ac2b3bc0f72412bf68e639ed58d8dfa4b56e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
376KB

MD5
5d0a485c6575ffa77a45a9789921f9f0

SHA1
207468b870c413099bb675a3e162346ee2d417bc

SHA256
728b08f74ada44e54c1b8c28beb43047e7f2c34e6abf27484626975807a5a17c

SHA512
fc94ec23d20863fad9ac2e97d919efb4d40bb9a914df7ecaeb063e6284cb008bb5ae1ec37eacc25aa3ea706ef1f00f769632314bfd5ff615b4dc217c3ebbc279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
584KB

MD5
0c1d9c7d8b0ee02ca6d5d6ee8cbb683f

SHA1
edf51c6c46c897e6728070ade9066d590eebc688

SHA256
c69c11dd4b848e23fa06a68cf25f0019f0081b9b03b8389f26cae372b7a6ebe5

SHA512
9c3a4dffd652f456b2cc26f9ecfa7df96dd901876a67ffbab16095cf1c6861445ad2182f2a808fad65c37f0086f741f46b14e576a77274a4851c9c2f1ad6c72d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\targeting.snapshot.json

Filesize
4KB

MD5
f168f5bd320bb5a481f93720183b1a9d

SHA1
00d88f1bf0a859d854bb926d40f836f2c1101d3c

SHA256
94d6d33b64fd66dc61493b38c11b4f5e22922885e7fc135131c3aabe68d4b802

SHA512
812cef1d53c663700671c903248d5e54ecbde733148aab374485a6e391ede5d96d5b603512947a3d2154576b2845240c6c2a55d7a7d99aadc9b9fc6ea142a3b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dfn8djy7.default-release\xulstore.json

Filesize
120B

MD5
8d689c06cb844185099c0398a280537e

SHA1
57073c7526ec37e94bb9db44fedc6d50276f7a6b

SHA256
96729e9b38f216605ff10715f96f364be32f02e2de23ede7e74b78244605124d

SHA512
3c7df326c695143915df1068cb2c0f58e93e4881b2c4d94b33948b80e954fbd4cf944ae53b4d15002b79fcdb8e88f8e9cf4c89ca50f56b7cfd8a13ea7dd6fff8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\AlternateServices.bin

Filesize
10KB

MD5
c3afba9ce895413358427187db1a3d62

SHA1
4f80ae5f2e6381440406439478fce5a8e404fd15

SHA256
de622a79078cd66837b603d66a3451064e588c3938efd9d2b1e615ec60bc561f

SHA512
eeff0afd25ea253f3ea1a291df4fc1cc52ed311c565a8fab104cc53a76905b51c7674f8b9b6865f1b124ba5dc8a86fb8ca96e8d951a8ac848091faca53accbc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\AlternateServices.bin

Filesize
15KB

MD5
d55d74cd2ace72f544f9254926e88f5f

SHA1
7336534604dc7c1d2599ca41a0a957ec7a7d831a

SHA256
7d8e9d4ed8a1ab788cc03920fa8f5e6cd0b6f34d2b8b7892b8e5f80245875e7d

SHA512
9455788a07bb330cbfed1f2beec5d62cc833aeb522a445c9f4717681c38d21b91c50c8dbb75fdaea0c0a04de7e7b0e7d6a5343250be67ec4e63504fb0506afb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
3KB

MD5
1da53707b43b0077a1cdcae4bc670a95

SHA1
b4d3e1d7f43a9a4f35197a3d9e2caabb71ef2594

SHA256
fca99c3d4e2209ea3fbf346987742d94f207728d294ca42c66d668803a62ee17

SHA512
0511f878172bbcb376e171d466339990e050deb44c5e58127ca44c900e9deb3b903357a766a7d0e88615684ca2300d53011e2d5f4e66027f7e4ae0f72da8a6fa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9ee3949b1244c7d8ac075b91bd055050

SHA1
8f74ecc1bf3d0e9e22536f1128cae58595c2c47c

SHA256
ff4da0e780ed09b35b667696632f8138e530ffa8d6b50db8c38b43d02ed46056

SHA512
e391fbd7dc612be9ad071c5c6f8f734a50cc2bcdb0b287c82f507c78e3511180523b72086d68f94c619adc3f61003e8aff87030fb47adc93aefdbb517f5db198

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
44KB

MD5
f080a514f90370c3a9f6d31ec35b4350

SHA1
1816b3a8e15c02468ea02eba485e2b82d382a391

SHA256
d004c5a5a5ced2126f555ae9e176f20a2c920efb777319a89f55ca5421bb9ae8

SHA512
e3ad438a1563d70bb15ca1ae1df75830e600c47035cd16a022843b83dc3a8ba976a574a3e103be0bac0c0374ea07456acfb53c504f0a8455fd75b7d31cc33ec3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
6e1002c79d3b3375d15b13c1defdd82d

SHA1
69fe1d531c55f1341bb5fc7726a5da5340d47816

SHA256
f943086a9a190aff5ffeefa9a6a28a65e0d0d4fdc8945f3f163a33c6a11737ff

SHA512
ab3bb8bd6ebdc8180a9743f1a38442604b3886d1d911280303b9de14425186b0a79df5d6ae9fd0d67656cddad0e48e0bb09e7202876e31bf77e5c3b2a9608fa4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
43KB

MD5
2e370b03588b47fa5e2674734a79830f

SHA1
d3bc71aa2e3e4305bddb0ac2a3600cdd98b0da59

SHA256
5a7dfd3f210acbdfb336073dbcd3e792606ee26a4ffed3e9ff0f521664a55d3e

SHA512
ef8271d39bf6a1e5e377ab198233762bb08f7aa31cab4bdaf4287d3697b7376b96bf4a7a111521dd7d0ac266f7bff6184f5a057070e4eb59a7a6297f204fe5de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
43KB

MD5
fb2b0fb1d106c8a115ac8a3d0d82f1fb

SHA1
430a37474afe699f9b0104b3f7aee69016f2a142

SHA256
2d34ec87d50200bf6e8faddc8143ca0da66091ecbd44241fb02a2bc94c7d1072

SHA512
a628d94e379093ce8eec515c87afa1a0242e993c5ad93361c486ed6042ae8c5b36ad4cb3313a677fe07d499a4a535ab96f57ae2994250c827eb5a45342966159

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
934c8aeac0247dd82c103ed50bc4557d

SHA1
af6ad748ae710272d1806136eeb422c3f5b5bf0e

SHA256
38e2b97c95565da85fee7c57b1d0d36ac6dcbc640e48e1c4445214f4a06544bd

SHA512
3882af4bc3f4056b6c659d76f5db4b7929d41ceab04b83e187fca4e0db7431b4dc195a0d70596a9bffa089b9225ada6af4930479433530b26f8e4434ec09847b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
9fd6dd7b9d8f39ed22c66ca30d89b118

SHA1
af6eb2cc29cf4ebbfab71dca3e94e728454f2c52

SHA256
fa5aaec5b751b7bac61a11db1155813ead6869bced57252425080d4bfe3716e7

SHA512
5ab75a2f0cb1f1929b3640909da6ffef376b4705b5352c55d99e74314a4aef49c7c829263aa457d46e10d6db29ef9e3d3f37584a9210d6b100a7a2cf4e073485

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\datareporting\glean\pending_pings\d0c9d24d-479f-46b2-9376-61b5355fd581

Filesize
566B

MD5
82abcaaf05415b005c0a68f7edc91a01

SHA1
70ba608a3edfa4cd88335370580e13545cf43168

SHA256
d49fa7a271f7a7ae0b151033dab97ec98990c8ca9af0838bae6237a5d4c62ea1

SHA512
41b95464bf6ab589c84a856fb33221cd0eb35be11b3e8f3c8e017a8525a523469b311c332f48eb965a5c3a4b45ae94ea7e8ae06cdc4d5a5f6dec3d62a76385e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\extensions.json.tmp

Filesize
13KB

MD5
bf91b5382c6d945d738b1a3e3bcdc9c3

SHA1
2bf093235fe4f03e33c536b39d8a2fa1a9688907

SHA256
e0bd144362943f7b1bf8b1a0d3497417dc644016f90525d4e38aa009443442fa

SHA512
f0f3fd46099cf53dcbabff2bbde4863bcfcc65dab1f2605e4505a7c6e5307fe0f42799224b6eb102e42acb26bb08c6b36f6b4564371b74b30ad90872d0d408de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\favicons.sqlite

Filesize
5.0MB

MD5
4662517ab6fbd8c7c6a7fc4ce82863bf

SHA1
a31c4284eaab49988e310ca211c1472c132d5916

SHA256
f279a7e34c45e4699227ee67eb5cab62bf74efb08a8deb8dbd322a86b6dc2a96

SHA512
fe7378e4291637d2e4e0462fc1818ffcedb34b8e6b574802cc2f6ac836740b20f81925a5c606267a2316291fc3bbaf8964ba851728f6040e0dbbcdab59998b6f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\key4.db

Filesize
288KB

MD5
e706a551ce107118e5b9ee03ca250a1e

SHA1
1c53f3e31879d38d131318ee47b9ee74c051ad93

SHA256
4a51581167775815009d4b16e6ab97fee02d05d61e626aa2da27f62333c3dc1a

SHA512
44a263a9adce3e5fc70248c623fe5cef1d5707bf07542ab595ed636a4ba734e78f6ceb3cf0bd2871b617deec39155fed5414334569d53c3208073c4ed3a68f9e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\places.sqlite

Filesize
5.0MB

MD5
8370c52afa9dd73b890dee97f4cabe03

SHA1
c895003042071cf67b1cc109047430b42d89796b

SHA256
3aa367870ceb68544091c0c5fc2e7640726c83754b2590a1d80646fe5e85a263

SHA512
fb7e82016af0dfcc726d173e9fa76061fc26331c960495ed77ca02400f3c034cc8e1e828b81f3e572eaf43f42b2f5046193ff42923d47840bbc9478fa78db0a2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
13KB

MD5
20ce5c6b27031ff41394266166f23c53

SHA1
aad024aa4282e13949cd2099330ef858af57e2bc

SHA256
ba6aaff39db506ce5586fda49c786f4329d3e35e12972e2bc9bacd1e827baa31

SHA512
645801fbb618a004b769faca36df81a5fa695ea2a9479f536972e6dd530af428221c5c021d8bacf876e8139a0c27bc515dc9f1848719d00f03ed1108ac4dc016

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
11KB

MD5
16455cbd7fdb6594557d9c47a7fd26a5

SHA1
2d2ec87e4bbea20c47c3fa96c037880951c6da71

SHA256
6fa978a716c2f8e354a612abe98d252c49a95c980c3ba2435ff85d9b9a8ccb7b

SHA512
41004ce8f42fc106470b32d4f072274a42e29f59815df13cd545ecc55fccaa1d189e1519c08521d835e63d5594050680d13609f26923f2502b435c1799b83f8d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
11KB

MD5
b7d5eb9760b4ae93f091fb55b6962913

SHA1
c1e42845d2c6d503ab717b05602fadc94d501583

SHA256
7a660e4281cfbad10cc62dd6c70506b8490452d1cac10606a8ab1c7ab45d6a8e

SHA512
293cd0c7e20feec049646fe8e294e55470b299a1aecf5e29917f1125ac31f5cc79d2b54d8e1a082fe8d932cc3c9f0db64f1e8fedf91f9656a057db082f76465e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
10KB

MD5
8472b960132fbfdccfd3486a1384c96c

SHA1
9d12f702cc2c0403ce02ae7333a9f57fcf25328f

SHA256
a859747bb9eb59a77bf3f6c77e59027400a25a97466cebff9487972e31a810ab

SHA512
03650629e2772b03c59f182f36c056f76a3569070211f54fae75fc5852234f9dea5ce1eb3e92c55fb1320734903d9e5bee9a7ceca2d6504f67ef2f76b8efe3c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
11KB

MD5
65080dda8cb3bdb66549b822a727f2f0

SHA1
b7e03ba6352a982acd51bc657b3472f6ace4121b

SHA256
e883e83b63d7b1f169d4bb9eae35f483efb3bef367720951d110338b551f3a67

SHA512
850fd6bb589f5e3ee4de1899fcf3ee1b4eed2f61835c6ca97696e45198e42189171f02fbd63179dabb66c047fc0512c0962b2c78e9ff2c5a5ce4f19af45b8dbc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs-1.js

Filesize
5KB

MD5
faaa586b501047a6ef17be6988f82b51

SHA1
4c4ff80e47738d36c0ba448fa0b5abb086e84307

SHA256
9ee4614eb4cfb35b9969052e8b51b67af2c8c215a3385377847b3f2d1d7369af

SHA512
fbb43fca2548ffbe099925ee79b49a4eac2144042bfc1d1ada5b81883b0db0fe74803f43a97cea7db2c0be6633c9588d28ab7c70c3195669c1e1de59b58fdc74

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\prefs.js

Filesize
1KB

MD5
b068d70a0548a35c88fcebda587a2b86

SHA1
264819a8fbfd0d68901c75be32ed2e8e85c3b903

SHA256
26cff4dafb4fb4c1eae540e5719072864a6ff26c6b103c43e372a6efd4ec5f14

SHA512
2e5cf87dac8eb4e48cf83054bc3d294eacbeccee65743b13ccb7e4d819e231dc93c7c6fde0544cde6911a5c89e02ed3e4d868e4baf5f34c184e6fdcd67408da0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionCheckpoints.json.tmp

Filesize
259B

MD5
700fe59d2eb10b8cd28525fcc46bc0cc

SHA1
339badf0e1eba5332bff317d7cf8a41d5860390d

SHA256
4f5d849bdf4a5eeeb5da8836589e064e31c8e94129d4e55b1c69a6f98fb9f9ea

SHA512
3fa1b3fd4277d5900140e013b1035cb4c72065afcc6b6a8595b43101cfe7d09e75554a877e4a01bb80b0d7a58cdcfe553c4a9ef308c5695c5e77cb0ea99bada4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\previous.jsonlz4

Filesize
568B

MD5
c990a6995a840d8604b9003556e586cf

SHA1
921f09e5aeb460f58207f798b4bf905b0de70a0f

SHA256
95084ff656ec42ee30bbc22386df070ee5496cacb66ee16dc5ba00e041892565

SHA512
bfd51b25f722bb5a859baa1888fa9fbcd1d56ad7b2da490954bbd4430b9367c1916ea072d2efc1ef6013422df46a91131a76e7c518e8604618f3f5b8852e3048

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
2b3f7d7121ca402679370f4570a980b7

SHA1
8910ad26fed7ede81f76e652ad961ada8d3659e4

SHA256
1aa1a03a136c3117e42ed0d2fbd72a8c3e2d77e3b923079ba3d84a5554911ff4

SHA512
c11197f54c1b71637605c2343195c112319596a4f53c0b2b943e0c06b98ab3d81b8bb7769f5048f86c13bb7e8248f67dd107751e31c3445b78157e7488a2e98e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
8a2f0489444e5af7b620d8d4edd861ae

SHA1
2ca7b2d259553a4cad663e68c88f2f66ce4a4034

SHA256
83405bef45fb0024978183bd06403829495dd49ec7522e1d634a6cb7fb9d8135

SHA512
7d8008168f4bcaafc7d799561d2ae75bec0cfa01c58f893bd422b7091afbf951e1007915b9062445a2ea0b653dbe0d7e925be5973206ee40d772a6871065f3e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
7ce772dbb08cfce1249c3ab8847a5c60

SHA1
b1dcc0f95d4de8bec7608c6684c21e9a5e265e71

SHA256
d580ddf7810ae7dff83e9a6fe052d4c0492a975bc1a557b71260341dfa87c0c2

SHA512
07b9ee3a7664f90cb967c28c045b282d3f41d447e2e074fb3ebbb3a3f8497fec14f01dd3873f3b75b9adb2b90522c6fd6e35fe7ab5568a12965d807133b0ad6a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
82883b679fd22231d8a2eb1d23d38ebc

SHA1
59f5bbef582d370f3df8db2b27b90ae8abf10095

SHA256
df3f073ce4534f654d54c00c3b5e94676d13e38d863b3bacd7391495290dafb1

SHA512
522a48b70e831d4b1c9daae6b62277f72f97360db1293785204c880f8a6512db104f5b914d4969a17f6d46cb1e98e009ecb0f12bf562dedc57e468f278660766

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
2b57ff2a178b79dcb737e855877e53b2

SHA1
e99068155c014bb98964abc7d8a730e06f620b71

SHA256
5aa6dec36a28637a6f8fa9156ae05548d8c60164c23f084caf4b18b23dd6fe57

SHA512
79b290051fe0ee5cd601ca9c32c09cfdb11f70ca33d8614f74ba9aa7c1826560b82565f7855c7fb4334d88f92fcbfcbb072429be23d572a6de1079695fbfefac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Copera.com%29\cache\morgue\254\{48c3267b-168e-4038-85d9-8d74404360fe}.final

Filesize
10KB

MD5
39b187ae73b8c634cfbe5ab1cacd1e1b

SHA1
900207060e1d5d0e8e791819c64569f45e780c2d

SHA256
5c73fa7936e3897f4821ec266ba4ced95597c122e775e8a837358ce1488d98fb

SHA512
ae4b6d436dea1ff3dcb0984078fc19aef43011952a37b06c9a501ec102e04f81093fa58a01d04f93be49f64de4d09d2e74f6dca89919347ea25cfc62468301fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
616KB

MD5
6613616feb57e444a78180fbaf60b7aa

SHA1
9fb899db7eb9b96e8cb0f403a9be26675aafe22d

SHA256
d8486c5feb947abf6f1f72302bde25db5493712c7a7e12a9b9d987124f1d73f8

SHA512
3e87054cfb0fa4731be7eab638e14d8acc9db878c7c4c4566a9cc8a2187d11f9034a980fce8c47fa015d5680bd3b3e2964459c1eafd8e42a7480431b22df9d5e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xqsvc2fq.default-release-1733541571673\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
152KB

MD5
cbae378d5337df2601431c175589ba50

SHA1
af0fcc08a75ed867ed7963cd143851a6771c3e98

SHA256
70c2278a2a65ab2a997d15adee153e6cc904c6a92d602374442f31f48235307b

SHA512
7c081ca1ba43db0c37b597ab7927a37497f499a0621fa9e592f151fd1c345761ae129fed38661978891cea1e40f8f6324705d775cc6c6bba544561997f056d40

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\dfn8djy7.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
3acdb5d2c35307ed34bd4e017e9effca

SHA1
c7dc18c789decb48367ac60b9bffdfcdfde06de0

SHA256
f24db5825791b5c9e75c3a4d7961fa7d0ce86cf39dfe3daccb52e633f3a33577

SHA512
7ced85d2df3d9f4d9777d0c99d697b27d8c66b2848bf4ec7965bac85321afd5dec1a321c8f4c4bdcaba9e50507ca0243b899ef714041b19abb5a9182448ce2d8

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\dfn8djy7.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite

Filesize
48KB

MD5
ed83968559921841884964ccc82ee83a

SHA1
7a6523be788e9235fc2e342ba271914af5550fc3

SHA256
8b2eabd9b34c1abfb8744040e3d4f6ded7fced3a3a5a6f3ea1b215661fa3487e

SHA512
7ffbf7384b4f046da987b76bc9dca0f7f4621e8cdb924f2dd408123192e920df5000c6c1182d953961cfcd6265949a3a9659b812676321d39268f5e4d98a8f4e

Download Submit
C:\Users\Admin\Desktop\Old Firefox Data\dfn8djy7.default-release\webappsstore.sqlite-shm

Filesize
32KB

MD5
b7c14ec6110fa820ca6b65f5aec85911

SHA1
608eeb7488042453c9ca40f7e1398fc1a270f3f4

SHA256
fd4c9fda9cd3f9ae7c962b0ddf37232294d55580e1aa165aa06129b8549389eb

SHA512
d8d75760f29b1e27ac9430bc4f4ffcec39f1590be5aef2bfb5a535850302e067c288ef59cf3b2c5751009a22a6957733f9f80fa18f2b0d33d90c068a3f08f3b0

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.79esOYdp.exe.part

Filesize
3.2MB

MD5
924df5b241afc180519204d50cd39a78

SHA1
40ec3938c7dcb340707aa90e9d69f55f6ee0b18b

SHA256
6a7bb0308e8b24c9ed29cd490720d2afae9667b26bf9166ab5902bf5366f2d2e

SHA512
5bbe2a853bfca2fed46b5b42af10ceac3c141cd000be296e2b768f40880e333168825d2cec106c8cf2afd0817d7c89f74b91dc8b0a2d0a577bcc12aaf0772663

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier

Filesize
296B

MD5
7ebced1b0f2644ddd2ec6da96b0fcc83

SHA1
17097fc002dee4ce4d6ae809cf7a630b3b358d54

SHA256
6e9a10790d2954fd6ae17d4fd31cc19cfaa1ab4c1dbacd5eccfe7320f564cb54

SHA512
43cba8628ad5ed185e02e4bc023975f79c555092d0bc45a99887ca203ed950826ba9877259a933a1452dd45ba1e08516eab71e7cad6c8fef83e4fda31daa6fd5

Download Submit
memory/4056-1978-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1976-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1990-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1964-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1965-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1966-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1967-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1968-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1969-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1970-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1972-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1974-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1973-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1975-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1992-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1979-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1977-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1994-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1971-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1980-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1981-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1982-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1984-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1985-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1983-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1986-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1987-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1988-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1989-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1991-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/4056-1993-0x00000258AACB0000-0x00000258AACC0000-memory.dmp

Filesize
64KB

Download
memory/5136-1928-0x0000029FB13C0000-0x0000029FB13D0000-memory.dmp

Filesize
64KB

Download
memory/5136-1944-0x0000029FB15F0000-0x0000029FB1600000-memory.dmp

Filesize
64KB

Download
memory/5136-1960-0x0000029FB5BB0000-0x0000029FB5BB8000-memory.dmp

Filesize
32KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads