Analysis Overview
SHA256
2cb06fbabe01a9fee9f0d687137e8dc868d763675c799b5d9e6e586e8d6b4135
Threat Level: Known bad
The file OperaGXSetup.exe was found to be: Known bad.
Malicious Activity Summary
Detected google phishing page
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Loads dropped DLL
Enumerates connected drives
Unsigned PE
System Location Discovery: System Language Discovery
Browser Information Discovery
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Enumerates system info in registry
Suspicious use of SendNotifyMessage
Checks processor information in registry
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
Modifies registry class
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2025-01-09 23:25
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2025-01-09 23:25
Reported
2025-01-09 23:28
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
149s
Command Line
Signatures
Detected google phishing page
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
Reads user/profile data of web browsers
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
Browser Information Discovery
System Location Discovery: System Language Discovery
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25 | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe --server-tracking-blob=MjdjOGFmYjNjMDdjNTJjZmMxZTFkODBkYmQ2MGZmMTdlYTU1MmNlNjU1OTk0MGFmYmQ5YWM5ODFmOTliZDQ2ODp7ImNvdW50cnkiOiJVQSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1Mb290bGFicyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1Mb290bGFic19VQSZ1dG1fY29udGVudD0xMDYxNTQ3JnV0bV9pZD04MDY2OTYwODkxNzE2NTQ5OTUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRmxvb3QtbGluay5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneCZkbF90b2tlbj03OTY1MTEwMSIsInRpbWVzdGFtcCI6IjE3MzU4NDc3MjQuODg2NCIsInVzZXJhZ2VudCI6Ik1vemlsbGEvNS4wIChXaW5kb3dzIE5UIDEwLjA7IFdpbjY0OyB4NjQpIEFwcGxlV2ViS2l0LzUzNy4zNiAoS0hUTUwsIGxpa2UgR2Vja28pIENocm9tZS8xMzEuMC4wLjAgU2FmYXJpLzUzNy4zNiIsInV0bSI6eyJjYW1wYWlnbiI6Ikxvb3RsYWJzX1VBIiwiY29udGVudCI6IjEwNjE1NDciLCJpZCI6IjgwNjY5NjA4OTE3MTY1NDk5NSIsImxhc3RwYWdlIjoib3BlcmEuY29tL2d4IiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiTG9vdGxhYnMifSwidXVpZCI6Ijk5YjIzNzRlLTk0MmYtNDNkZi05YzE5LTg2YTcxYTgyNWQ3ZiJ9
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.124 --initial-client-data=0x32c,0x330,0x334,0x304,0x338,0x7435ed4c,0x7435ed58,0x7435ed64
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4008 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250109232544" --session-guid=e0454369-00a6-42f5-b0f1-fad2d75cbb4e --server-tracking-blob=MGU2YTBlN2JlZGM5MmU0Yzg5NjEwNjE0NmI0NGY1ZmU2OTA5ZTlkYzVlMzZlMDIyMTIxZTMyNzE3MGZhMWIwYzp7ImNvdW50cnkiOiJVQSIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/dXRtX3NvdXJjZT1Mb290bGFicyZ1dG1fbWVkaXVtPXBhJnV0bV9jYW1wYWlnbj1Mb290bGFic19VQSZ1dG1fY29udGVudD0xMDYxNTQ3JnV0bV9pZD04MDY2OTYwODkxNzE2NTQ5OTUmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRmxvb3QtbGluay5jb20lMkYmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkZneCZkbF90b2tlbj03OTY1MTEwMSIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTczNTg0NzcyNC44ODY0IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEzMS4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoiTG9vdGxhYnNfVUEiLCJjb250ZW50IjoiMTA2MTU0NyIsImlkIjoiODA2Njk2MDg5MTcxNjU0OTk1IiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vZ3giLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJMb290bGFicyJ9LCJ1dWlkIjoiOTliMjM3NGUtOTQyZi00M2RmLTljMTktODZhNzFhODI1ZDdmIn0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=9009000000000000
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.124 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x71a2ed4c,0x71a2ed58,0x71a2ed64
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa8b0c46f8,0x7ffa8b0c4708,0x7ffa8b0c4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2004 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2556 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0x554f48,0x554f58,0x554f64
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6052 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2024 -parentBuildID 20240401114208 -prefsHandle 1952 -prefMapHandle 1944 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b756f83f-3243-4243-a856-b7e08f6c0249} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b2ffca3-c741-436d-8838-0e54d5b65d8b} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1452 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 2844 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d2f8a472-67ec-4c25-810b-cdc723133d5d} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3872 -childID 2 -isForBrowser -prefsHandle 3868 -prefMapHandle 3848 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d59163a3-6f6b-44be-a868-3794787a5b98} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4852 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4916 -prefMapHandle 4912 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {db18f01f-14dd-4339-8400-c7550da449ab} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5480 -childID 3 -isForBrowser -prefsHandle 5504 -prefMapHandle 5428 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb8c01dc-5be4-450d-8eff-e9b976c91d0e} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 4 -isForBrowser -prefsHandle 5672 -prefMapHandle 5668 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bbb89900-e3f1-4760-8cfb-78c65a2c1d77} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5860 -childID 5 -isForBrowser -prefsHandle 5780 -prefMapHandle 5788 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1260 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9652eb3e-aaa5-4ab4-a16b-5763c8e299c4} 5732 "\\.\pipe\gecko-crash-server-pipe.5732" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1992,10693335118203225000,11349590434268643565,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.150.49.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | autoupdate.opera.com | udp |
| NL | 82.145.216.19:443 | autoupdate.opera.com | tcp |
| NL | 185.26.182.123:443 | autoupdate.geo.opera.com | tcp |
| US | 8.8.8.8:53 | 121.217.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.112:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | api.config.opr.gg | udp |
| US | 104.18.25.17:443 | api.config.opr.gg | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.178.3:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 82.145.216.49:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download3.operacdn.com | udp |
| GB | 95.101.143.243:443 | download3.operacdn.com | tcp |
| US | 8.8.8.8:53 | 19.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 123.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.25.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 112.182.26.185.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.178.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.216.145.82.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 243.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| GB | 95.101.143.201:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 201.143.101.95.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.17.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | th.bing.com | udp |
| US | 8.8.8.8:53 | r.bing.com | udp |
| GB | 95.101.143.219:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.219:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| GB | 95.101.143.201:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 219.143.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | mail.google.com | udp |
| GB | 142.250.180.5:80 | mail.google.com | tcp |
| GB | 142.250.180.5:80 | mail.google.com | tcp |
| GB | 142.250.180.5:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | 5.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.5:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| NL | 20.190.160.17:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | accounts.google.com | udp |
| NL | 20.190.160.17:443 | login.microsoftonline.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 84.1.102.66.in-addr.arpa | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | 195.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.160.190.20.in-addr.arpa | udp |
| GB | 88.221.135.34:443 | r.bing.com | tcp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| GB | 142.250.179.238:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | 238.179.250.142.in-addr.arpa | udp |
| GB | 142.250.180.5:443 | mail.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| GB | 142.250.179.238:443 | play.google.com | udp |
| BE | 66.102.1.84:443 | accounts.google.com | tcp |
| US | 8.8.8.8:53 | 34.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| BE | 66.102.1.84:443 | accounts.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ssl.gstatic.com | udp |
| GB | 142.250.200.3:443 | ssl.gstatic.com | tcp |
| US | 8.8.8.8:53 | 3.200.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:58520 | tcp | |
| US | 8.8.8.8:53 | spocs.getpocket.com | udp |
| US | 8.8.8.8:53 | firefox-api-proxy.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.ads.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 34.149.97.1:443 | firefox-api-proxy-prod.pocket.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | firefox-settings-attachments.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.121.53:443 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | attachments.prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | 64.50.235.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:58529 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| GB | 88.221.135.27:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 27.135.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 88.221.134.155:80 | ciscobinary.openh264.org | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| GB | 142.250.180.14:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | 155.134.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.classify-client.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
Files
C:\Users\Admin\AppData\Local\Temp\7zS8359FCB7\setup.exe
| MD5 | a147d284d9191cd8783a8055a21bfcce |
| SHA1 | 6f87e8302e28192475a3c362ec1d7597427b016c |
| SHA256 | f7b4074a646e742f61d2ecf4b1e78e56216748a35670e23e8ef585a8008aa761 |
| SHA512 | 37d4de184b8b41a41324258ee4e5de5429228bfc89d1c9ca11a786382f11741e4741d11bc392351ee0620cb08151d710c04d92ed5e42ee165c4463d5897c5984 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501092325429264008.dll
| MD5 | f526bf02296cae65098cd1a01dd9ce60 |
| SHA1 | 58784200e942c798ccbe2e9030826703f3a0f985 |
| SHA256 | d122a48b7642d0b49b0c48f3d42d43aa18cd5c60d6497d8ce42b567e4d580b33 |
| SHA512 | 6eee16d9bbe45d82473f302f513be8bcc84dd02d546b116f71a319b8f832df6d90c8e3469305fe18e2059842f02ea74f4ddf19dab8e4fe816eaf105fd87693df |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat
| MD5 | 4c6a39792c2d43f058c2cc5371aa247d |
| SHA1 | deeada2b1292eb765f15845b776d159262c81188 |
| SHA256 | 0cd0d533a4fdf61f3c76a29efc65f5441a662170be8f7d3cdc84261454b060df |
| SHA512 | dbc6aaaef2fbfa5faca66f5957f8e6abccb1b6196048cbc57d98e062872c21dad42b38f6910681f162b4b0f09ca9234767b8877757808c2ebca92c0d586c7e79 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | ba6ef346187b40694d493da98d5da979 |
| SHA1 | 643c15bec043f8673943885199bb06cd1652ee37 |
| SHA256 | d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73 |
| SHA512 | 2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c |
\??\pipe\LOCAL\crashpad_4056_BRVBLYLSXPYQCDYU
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | b8880802fc2bb880a7a869faa01315b0 |
| SHA1 | 51d1a3fa2c272f094515675d82150bfce08ee8d3 |
| SHA256 | 467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812 |
| SHA512 | e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 1ca9d415e1ca2bb0f1e9f7ccc672b474 |
| SHA1 | aa76260900006b2cd9b0ef72019a3b8c461b37d7 |
| SHA256 | 95dd9f9813f35f70a22d9813d78e2ece20702a143778d7ff0602d50da1884712 |
| SHA512 | dfaa10658f924be8618d72904e952d5632aafacc0b3b5a3ddd035844f756d1c8c79ac812b578ef267e2829b7abbdb0ef93d1ccb1dbde2d09a6df6cebe9a624e1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\additional_file0.tmp
| MD5 | e9a2209b61f4be34f25069a6e54affea |
| SHA1 | 6368b0a81608c701b06b97aeff194ce88fd0e3c0 |
| SHA256 | e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f |
| SHA512 | 59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501092325441\assistant\assistant_installer.exe
| MD5 | 4c8fbed0044da34ad25f781c3d117a66 |
| SHA1 | 8dd93340e3d09de993c3bc12db82680a8e69d653 |
| SHA256 | afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a |
| SHA512 | a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | c94281f58593d504073a2a9f679addc4 |
| SHA1 | 2f5a97ae496367337dac2a8a7111d38d262cdf13 |
| SHA256 | eacf7c44090227143d784a00b30dca632ededa491e458eb725d3084b39c8a12b |
| SHA512 | 96648750000635812c92ca2436808f7c5bfe61a92d0d8018e60b50ef995183611b07d2891d98e5388f85defac06d5da75005efb495922d4dd580ffa9e8cc73da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | bd7709228e5261f5f6b7c68653a3a13a |
| SHA1 | 9f50c9fc48c84b7b0ffb3821fc95f944d3996cb5 |
| SHA256 | bd712e6e418165bd3027ae1388aad38ff9fa2ca503e3993dea3b1d5e1d0fec02 |
| SHA512 | 264b24561d505200d377530433d2503e51b898aecad509d2b8dba01e260598d745bb25734894885b16476f3f35a18bad80c54f97ca3c29b8992284716cc82d7d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8994424eaa51b89eddc3a0099a40b004 |
| SHA1 | 2453d668a9a5060d5746d64df83ff5213917a8a5 |
| SHA256 | abfebe54b70211ad65b15e95340800c2915d08a81dd5fb87e7909349ebbf6bef |
| SHA512 | 2e962b844b4adc831335159973c6964753fb737f1aa48ebc41200fb8f5a4a32004925489ae8b8d9ff88fb3e108cb772d58e873d098bd5235f646769ef5543001 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | bf35e6be8170479583405d0c09c7cfdf |
| SHA1 | 819fc974489b69b52b7ac82533fc3fc78510772e |
| SHA256 | 0514159938756685fc51145c9f4f65dec81f8f71e930902cd1692b2661d667cb |
| SHA512 | 8aea75700c24449024bc87bb25f1ec59317f1cd4adc7cc566cdac9728a7b6ec1a83e2a4d45d553e1422f2b4acf50996eccfe0c01fc723a0e050567a2840e8fd4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | a2325e88823b8a7b6e75ec1e2815abcb |
| SHA1 | 7589085f500a9fef3a08938b7506ce1385d2ba33 |
| SHA256 | bba16035e3422295476ad8dccbe323a626685034d4f9f4ebbc14981928262fe1 |
| SHA512 | 93c421c74a14fa3b6d7e9101920ad54d84c5fcbaa3034c0b53b303607c7b4d0f6da0d4438eac01ea4ed4cbf34151fab2549c9dffdbd4ba4ac9646ff2652c11d8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe587395.TMP
| MD5 | 4f2c18464bd4aa3a6c7624758fea9a62 |
| SHA1 | 7d7fae07e93f8458a788c07cf6128ab82b517a8c |
| SHA256 | 0c4cf6c8bbb2b0b3b50f161aaf1a22e8b9db57629b548a4a21eed5fc3123023e |
| SHA512 | f8f2d55ba39a47bf12e61be800b036cac8278e4c7035c02b451f0af6885266c6b656f240dc885068b02dbb5b33664a89b016a8d00734c138281821fe21dd6393 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | ee143e3067d611e7e57986d33bb7025e |
| SHA1 | 0db945ce5bccefa004306164034d902d01ccee36 |
| SHA256 | acccdbd69ae36f30700ebe2e942fbd8d6f5630d41da4faa836dd18e552e4e668 |
| SHA512 | eba637f76fd7337bbc76a079fe2841a878dfda287c5c7d7989fdd4fc45850c6954f93b2f999d36bdb6f9d3855affebddfa88b232a95462774e010f24910cbee1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\01b89bf9-de83-4e26-9ddd-d4e16dc2ad71.tmp
| MD5 | d01ab476c5bcbeebe5783c99f7127d6d |
| SHA1 | 4e1bcdd22bceee3db71f1ebbf407b1e5388b57d4 |
| SHA256 | 52609ff44936f33072da1bec577f32458104ec77d5e4076ca125f3db172592ee |
| SHA512 | 158560c02246e374241f69777d69cfdd30160c05f6aeb1e17fa3853ec6cb50b9a94d6d685a8c61e2b68f4782ec10e61af8785eb6b735a0c5203d27c94167eb02 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 6d62d5594a3688d24467ed9b73c031bd |
| SHA1 | 8192baf143f74abaa04d62f789afa50b355c08ab |
| SHA256 | 05364f5c39fd8aefe33697966f9edb6d0c073ccf3e004efa17ff5206255213e3 |
| SHA512 | eb2bffb1857cc55416ed6a7b6b3daf20afc94f7549f94c6f7867b3df7ad2baa838205a9233b02afaf5e043610fb1922e15e65caee56dc157e68be6d927190e42 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 43fb8bb3fa71c189cce1c220999be735 |
| SHA1 | ce93835b09b107f7c47225da75fd6dfbea6ae319 |
| SHA256 | cf249b7e78ee3736fc4b73abb61aece26213967a246a1452bd8691c69b918f6e |
| SHA512 | 9a69cb2280c8b7c625729731dacdca9a83ea4278e9d9c1419de9f534eca214eed67b15a77b079c8f6a0ece0c7903e4090506dfb1dc99bd04324f1221016a0a14 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 2ef2ca69e542abfb306266a0f9e602a4 |
| SHA1 | e26fbd9ecc04d1bf8b2b521c727428633fff0136 |
| SHA256 | 73064a58c531e5bf6ae1876f0a642e7ec4cc70ea0024cc1faa387fd45d87141b |
| SHA512 | fc2298b9cc224e7425ad47a375da384c34001ce5c24487e91c81685bbd977f32783291bfe0a2c7df3d1304369e938b4dad4910ea57d671bbd98c7f7e0116ce01 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
| MD5 | 82d26a2288985954985dff209e15db61 |
| SHA1 | 696c37bab6f66fca88a961c884ab27bb27800983 |
| SHA256 | cc90afdacef86d211a0d54bb6cd7aa2ad32aa09d6b896bccd1f03797f3b83f09 |
| SHA512 | 260d4ff4e5df9093480a92d22192a8824457b9d1b91cb6812fef215f1586a62f25f55811d3c81f9d0a437ffed12ccb95613fdfcd2bca566159bba506232bf1a5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin
| MD5 | 0568300eaaea3da52185188924d48aab |
| SHA1 | 89c6ec561782a878154412c237224074fa9dc428 |
| SHA256 | ecc63f8b502c8cd84b773cded89535f3c52303837249b7a87f6fb75ec5844ad2 |
| SHA512 | 242d17816ee73ac6d61dc396467e905f9548aab3e4cbca03512eb9cc2537f5eed8e65de227de28d39827f0d8aae43ab6bfd5abc4cb2bf44e19e0e883c19bc516 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\4fb79bd5-2316-4080-9139-414b5948f2f2
| MD5 | bf32d32bbfcc527101b88423c34c7c01 |
| SHA1 | 2832a1e01cf0d0050cb5ec32c5e3c3b33bb097a1 |
| SHA256 | 833aad2b80384a3b62ca5f546792a0a70325045ac6ad46548e3920e60f9acecb |
| SHA512 | 191497aadc7c6026219eee7755ddbc2b464c202bc17e942615a6c3a0d7d0174b675ea56f198e32c74d0e1b400122813ef1c496d0417a06ecf4d8cb268fa7b3e7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\3ad4037a-1658-434f-94b7-e8b9adff3047
| MD5 | 733f0c4466cbea674ad139e7dcd5e40b |
| SHA1 | cfeb13a62ed3818481eaebabe397598db4cf7859 |
| SHA256 | 39fed60d3b600450eb2c13396b9aa5f49907fba191226739fc9e6c7d2f71489c |
| SHA512 | 16350a91a82d68ab8742cb9282c153c0cbbeb449493b65642d3c40b45dd9bc26c3cbfc2eee727d2ecb96ed1a97ac7ca55f16895da6bedd53e703fd1d43805401 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 00cb372e486ff28a472f1acd65056b2b |
| SHA1 | 04ab0f04bc56122ebf5c63660a10fbde4072a80e |
| SHA256 | f854a2c196b5fcf85fcceb73d7512464e82c1f6d838ca4f92fc84bfc44f980c8 |
| SHA512 | 2ae2d1bb1d41caa227f817323cb33d65c52e8ff838252c05b5bf26176aef5722011c20f3eaf590dd13fbb9a939122fddf73929ce2d36b09ec903bf7f61d9a051 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\pending_pings\5951b9bf-e042-4918-b93b-c15741ae2143
| MD5 | 9ad0ede85a997a1e0fda4c13af7d2bfe |
| SHA1 | e64de924f14bcf460dc4e4a47df23d00f11da71f |
| SHA256 | 4e82c44e3172b8599668aa416d525bc8269a8afb68f2c7b6fb89941aeadec9bf |
| SHA512 | aca3c08def3b27cdffd21237949e8f4477d74fc9d231a648ae0960562c4d56486258e4d01d9006a3b15652a28454938932762b4b2757b23198af0b56bcdf70cc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | f9d23999e2a9a082e5c2d5e138d1a9b6 |
| SHA1 | 3adeced8215c0be9a8d5bca981153d71f8036801 |
| SHA256 | 2ad8aff2b538a78df7cec443bacb0fddd60e9084d6c420eb3c5d05a96bf932ea |
| SHA512 | 42a79cfe5b1cf96862c639a9f51ff7dd2378e35aa5b2f0ce40bb3e9083df1967da8a7c4489446047dbf1dbc5501775ef9a5f78b42069bbadde33243dac541e7e |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 518c34e3056e5045241415f84ac037d6 |
| SHA1 | 9363106639bbf56d5aaf97f4f9bdf6a09c27be37 |
| SHA256 | 8e83fa3ac506608c7e182f11b661f486e76f052391bf3a907faf995e8c0c08a6 |
| SHA512 | 4dc331b3de2ce2b5a2568b0358736c00730636d6e654541bc5e81ccd1d12a875a006182003b4850ba9ddf58495083c2bdcd83f89d4f11a9b345d81243c9a7ab3 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\activity-stream.discovery_stream.json
| MD5 | bb2936ffe2c6fd1fa8d22b206e2643a9 |
| SHA1 | 83103e3a9a9ff0ee802032ac046c0365bf35378f |
| SHA256 | 6c6ca4c477849423167fe02a3dffb227abaaf3c823e18aba3338c96515e2cd7d |
| SHA512 | ac52a600b50ce5ad2b86cd423ef80c931eabd3f88ac5932175e93ee0ce882eda5c7cf8240a48c8cb01edf9680516e615ec38a1e7f563babf00b00af3f255cef2 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\y0bypz8z.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl
| MD5 | 96c542dec016d9ec1ecc4dddfcbaac66 |
| SHA1 | 6199f7648bb744efa58acf7b96fee85d938389e4 |
| SHA256 | 7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798 |
| SHA512 | cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\AlternateServices.bin
| MD5 | 0c415bd56e950a1a7b2903631b9ec67e |
| SHA1 | 54735b0480e0157ed932cccee11c27075dd3acc1 |
| SHA256 | b6c76ea25bca0c93e142c3e560a2eb54acda46256aa45b0a06a92b025f6f8c89 |
| SHA512 | 91f572945c3fda06cea2517ca151d37ea7bb419202285a82c59aec4a87477d9142820edb4f20301dbd56a9d7ca6ef082853735903364a6984af8065202911f49 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs.js
| MD5 | dcdf92621c0b4d0d068285a18767f5f7 |
| SHA1 | 8ab4a12f95be7a49dedb7519e41cc9522a9459ca |
| SHA256 | 004b9e79fc40cd20893d1b2f27978b2131d1d4afbdd93383aee6e0b30de3445d |
| SHA512 | 8094451b065824299b1b6679f94f80a36f231809be8dcdb06dde2e229cfc62f2f7c58669d97987338ef248cc76f613c7bdd296a1e0bd9b3f4fa9ab1bbde3d6b3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | 30d5149fc2bd8a3f885dc92af509f046 |
| SHA1 | 0674b231fa13f330915c50c567e018cf11a804cc |
| SHA256 | 99df754b6d415d8f0a88bc0d5db45e8a6e930d56b531d0a0f4deb5657300929d |
| SHA512 | 599726c761a424a33371b5d31e6d9a715c597bab37e145e64f89bcbd43f5245f28c2417e854568d5f01dc3af0bcfceafc5093bfebf422ed2b4f200d561545c89 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | dbfa56a88a0a4bb7b9636f65ecacf6fa |
| SHA1 | eae27b12e40f82da2f5d8fc17643536e136c5d4d |
| SHA256 | 448d1aae3f4a766afc51b14cb3713226fae424d14813213f8950f9ee66103131 |
| SHA512 | 30087782c8143c1f22b0e8559bbcbfbab21ead979adbc240b599077a8fa92aec8fcf996f3221f24218f23cff78f96ecc368359ceb3238eae7d0f547e2a4cd804 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f7ac26ab893aba26de62be5c4e6ef821 |
| SHA1 | f19d310dcf550580c837f7b4f84df4ebe804ca72 |
| SHA256 | 22360a0eee32bb2bae86c7594bbfb780cffdc941160adda6240b49ab2f676432 |
| SHA512 | aa8765bdbe04117d84528154c8724776bc4aa1d62416881f83107edcc087292571656ab6ea6eadc626b5f48c10afc5e267e98c9c6c5baba09e90a9ee0fe96d8f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 38b43d1e3bd34c310a3f3cb562cb2184 |
| SHA1 | fc5e4773fe7f3b0087b8435807d7be8ef2ea4cbb |
| SHA256 | 91f85cfdaaf0f0a818553354942d206bc0d41f3d171ba27430813d9e6a5354f0 |
| SHA512 | 14b8003c9cb5a030a6ac6b0349481e806d8ec203122433cfa700d0c0639fdc56f34183d07aa25b191b8c4dbb1d970f3475ce38c60d7fbbd7d945798d41065463 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\prefs-1.js
| MD5 | 3c820b954526393212a3382339b73abc |
| SHA1 | 9e7a3a6f6f95a79ed40e32930dbe0ef906308f0a |
| SHA256 | a1a874323e4b07fe4307c1fa66b7917190d47037f264419d5a94fc091c6b53bb |
| SHA512 | 927a19964ea0004ea0fa7b53b640175e20f969150a47714ca4bd14b8cab0a2a17d8b108800e65e712cf60758ad5d940262f5bfa7a6a1677e7c72de1d57d6b3bc |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 09372174e83dbbf696ee732fd2e875bb |
| SHA1 | ba360186ba650a769f9303f48b7200fb5eaccee1 |
| SHA256 | c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f |
| SHA512 | b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info
| MD5 | 2a461e9eb87fd1955cea740a3444ee7a |
| SHA1 | b10755914c713f5a4677494dbe8a686ed458c3c5 |
| SHA256 | 4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc |
| SHA512 | 34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll
| MD5 | 842039753bf41fa5e11b3a1383061a87 |
| SHA1 | 3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153 |
| SHA256 | d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c |
| SHA512 | d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\y0bypz8z.default-release\sessionstore-backups\recovery.baklz4
| MD5 | fad7f51d4608c5a7d1ff6d371e935afb |
| SHA1 | 68e005d0870bddcde49c9dd96a840c1ba0a5e231 |
| SHA256 | f72dc067a4a302dc0d9324656d490772d9e0048f43f23a6e6857a7c07beb8dcc |
| SHA512 | 81779d042ee996dd7c19ca493c3ab09fb1e5840d709182d17588410f390f6fe14805c59fefbcaaeddb0f8219cb5e5ea897c1f21d74861aef109a2d6582b415c0 |