0ca390091f158fd125d984f09098b8f069bbad079cbdc1f1045df78f0339893d

Resubmissions

14-01-2025 15:52

250114-ta8ydsskfx 8

14-01-2025 15:47

250114-s8nvfatqen 8

14-01-2025 15:45

250114-s7gpqstqcq 3

Analysis

max time kernel
471s
max time network
472s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250113-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250113-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
14-01-2025 15:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample
Size

4KB
MD5

636dda5207c6cce1716578b5718a39b6
SHA1

c5e8fa98ec7cf323f0ac946ecbf6ae612699dece
SHA256

0ca390091f158fd125d984f09098b8f069bbad079cbdc1f1045df78f0339893d
SHA512

f613b65cf74bd077694545db833c4283ad236ec3ce9eaeb296eecdaef0ff620e04b9c7e0922a481986222c8916ad24401b1305d733a6b14a5b8298a30888909e
SSDEEP

48:Jv3nmA2B1wjPIJlPJlfJlGJlOk57TFQ/POp/ssT:heB1wjklhlRlClOk57RQ/POp/s2

Score

8^/10

paypal defense_evasion discovery phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 9 IoCs

pid	Process
6020	OperaGXSetup.exe
6120	setup.exe
5184	setup.exe
5344	setup.exe
5580	setup.exe
5644	setup.exe
5552	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5652	assistant_installer.exe
3020	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
6120	setup.exe
5184	setup.exe
5344	setup.exe
5580	setup.exe
5644	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Detected potential entity reuse from brand PAYPAL.
phishing paypal

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OperaGXSetup(1).exe:Zone.Identifier	firefox.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2503671516-4119152987-701077851-1000_Classes\Local Settings	firefox.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe

NTFS ADS 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\OperaGXSetup(1).exe:Zone.Identifier	firefox.exe

Suspicious use of AdjustPrivilegeToken 11 IoCs

description	pid	Process
Token: SeDebugPrivilege	848	firefox.exe
Token: SeDebugPrivilege	848	firefox.exe
Token: SeDebugPrivilege	6120	setup.exe
Token: SeDebugPrivilege	6120	setup.exe
Token: SeDebugPrivilege	848	firefox.exe
Token: SeDebugPrivilege	848	firefox.exe
Token: SeDebugPrivilege	848	firefox.exe
Token: SeDebugPrivilege	848	firefox.exe
Token: 33	2348	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2348	AUDIODG.EXE
Token: SeDebugPrivilege	848	firefox.exe

Suspicious use of FindShellTrayWindow 21 IoCs

pid	Process
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe

Suspicious use of SendNotifyMessage 20 IoCs

pid	Process
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
6120	setup.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe
848	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 2904 wrote to memory of 848	2904	firefox.exe	85
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 3952	848	firefox.exe	86
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87
PID 848 wrote to memory of 2232	848	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\sample
1⤵
PID:2708

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2904
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2020 -parentBuildID 20240401114208 -prefsHandle 1948 -prefMapHandle 1940 -prefsLen 27137 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a790c3b5-2c12-4fe4-81e6-bc3406034251} 848 "\\.\pipe\gecko-crash-server-pipe.848" gpu
    3⤵
    PID:3952
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2428 -parentBuildID 20240401114208 -prefsHandle 2404 -prefMapHandle 2392 -prefsLen 27015 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3efe3bfc-9b5a-4cf2-9642-c3d42ce8801f} 848 "\\.\pipe\gecko-crash-server-pipe.848" socket
    3⤵
    PID:2232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2832 -childID 1 -isForBrowser -prefsHandle 3140 -prefMapHandle 3128 -prefsLen 22698 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {eb114466-176e-4c7b-a929-117323582323} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3960 -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 32389 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4d6b7c1a-08f6-4613-81f2-5ee7a0363d85} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1388
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4600 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4592 -prefMapHandle 4588 -prefsLen 32389 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c8fee530-6775-4951-bb51-4d9592995a28} 848 "\\.\pipe\gecko-crash-server-pipe.848" utility
    3⤵
    - Checks processor information in registry
    PID:2504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5600 -childID 3 -isForBrowser -prefsHandle 5448 -prefMapHandle 4624 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bfcecc20-b560-404a-b2c8-8f6ab77eb00a} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:396
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5800 -childID 4 -isForBrowser -prefsHandle 5816 -prefMapHandle 5812 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d812de92-2553-4f3c-a506-6a61d2311fdf} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1152
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5988 -childID 5 -isForBrowser -prefsHandle 5980 -prefMapHandle 5976 -prefsLen 27178 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c7271fa5-856b-45d9-9d47-f3557dfd2b37} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2904
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6304 -childID 6 -isForBrowser -prefsHandle 908 -prefMapHandle 6272 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a6064403-ed9d-49d2-ab76-9ed0bf8d3497} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5408 -childID 7 -isForBrowser -prefsHandle 4864 -prefMapHandle 5184 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aad5279d-99db-4da1-b821-0a9bef7d2e44} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2308
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5076 -childID 8 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27823 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57464cfd-1599-44f9-8277-0ee0459edf13} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6380 -childID 9 -isForBrowser -prefsHandle 3528 -prefMapHandle 6744 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d3bbb506-8f78-4e92-938a-e635a9d78cbd} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6796 -childID 10 -isForBrowser -prefsHandle 6456 -prefMapHandle 6264 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9424c7b9-70fa-4020-9866-042e2d24821d} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6856 -childID 11 -isForBrowser -prefsHandle 7024 -prefMapHandle 6840 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {59e8b008-aeb8-4b3a-9696-1410fe835f6d} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:3312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7208 -childID 12 -isForBrowser -prefsHandle 7280 -prefMapHandle 7276 -prefsLen 28044 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69e484fd-b05d-4f92-a858-dee48e6d1907} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:3856
- - C:\Users\Admin\Downloads\OperaGXSetup.exe
    "C:\Users\Admin\Downloads\OperaGXSetup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:6020
  - - C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe --server-tracking-blob=NWE0ZGZmYjBmODAxMDdjM2U1NGEwZWQyMTQyYmZlYzNjMTMxYWZiZGI2OTBkODBhNTE5ODI5NjllNjk3N2YzYzp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD1kNzk5MTk4ZjcwNTg0YTc3YTlmODQ5Mzk5M2E3MjZmMyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQ3OTkxOThmNzA1ODRhNzdhOWY4NDkzOTkzYTcyNmYzJmRsX3Rva2VuPTM0MjUzNzQ3IiwidGltZXN0YW1wIjoiMTczNjg3MDAxOS4yMTE1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NDsgcnY6MTI0LjApIEdlY2tvLzIwMTAwMTAxIEZpcmVmb3gvMTI0LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfSFZSXzM3MzYiLCJjb250ZW50IjoiMzczNl8iLCJpZCI6ImQ3OTkxOThmNzA1ODRhNzdhOWY4NDkzOTkzYTcyNmYzIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY3ZDFiMWYzLTg5MzAtNGUzZi1iZDk3LTM1NWExMDYxZWY0NyJ9
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      Modifies system certificate store
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:6120
    - - C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x338,0x33c,0x340,0x314,0x344,0x74c7ed4c,0x74c7ed58,0x74c7ed64
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5184
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5344
    - - C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe
        
        "C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=6120 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20250114155343" --session-guid=cc57af79-aac0-4a06-99b0-d2b8705fb32d --server-tracking-blob=MGZkMzQzZjI0NWE2MzkyN2JkOWExYTlhYjdmN2ZiMTFiNTUwZDRlMGM5ZDM3ODdiNTgyZWY3OTI5NzcwNWVkNDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9IVlJfMzczNiZlZGl0aW9uPXN0ZC0yJnV0bV9jb250ZW50PTM3MzZfJnV0bV9pZD1kNzk5MTk4ZjcwNTg0YTc3YTlmODQ5Mzk5M2E3MjZmMyZodHRwX3JlZmVycmVyPW1pc3NpbmcmdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQ3OTkxOThmNzA1ODRhNzdhOWY4NDkzOTkzYTcyNmYzJmRsX3Rva2VuPTM0MjUzNzQ3Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzM2ODcwMDE5LjIxMTUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0OyBydjoxMjQuMCkgR2Vja28vMjAxMDAxMDEgRmlyZWZveC8xMjQuMCIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9IVlJfMzczNiIsImNvbnRlbnQiOiIzNzM2XyIsImlkIjoiZDc5OTE5OGY3MDU4NGE3N2E5Zjg0OTM5OTNhNzI2ZjMiLCJsYXN0cGFnZSI6Im9wZXJhLmNvbS8iLCJtZWRpdW0iOiJwYSIsInNpdGUiOiJvcGVyYV9jb20iLCJzb3VyY2UiOiJQV05nYW1lcyJ9LCJ1dWlkIjoiZjdkMWIxZjMtODkzMC00ZTNmLWJkOTctMzU1YTEwNjFlZjQ3In0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=3C09000000000000
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        System Location Discovery: System Language Discovery
        
        PID:5580
      - C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=115.0.5322.142 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x7233ed4c,0x7233ed58,0x7233ed64
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5644
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5552
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\assistant_installer.exe" --version
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5652
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x724f48,0x724f58,0x724f64
        6⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:3020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3656 -childID 13 -isForBrowser -prefsHandle 2760 -prefMapHandle 7268 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f6d2db9d-a741-4ac0-9611-e559bebd1445} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5908
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1604 -childID 14 -isForBrowser -prefsHandle 6260 -prefMapHandle 7528 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4ba2d3c2-8646-49a2-be4b-3f3e2ae6660d} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:6076
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3588 -childID 15 -isForBrowser -prefsHandle 7236 -prefMapHandle 7296 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04b0fd4e-1252-447c-9c13-5b4049c04d75} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8536 -childID 16 -isForBrowser -prefsHandle 8732 -prefMapHandle 8728 -prefsLen 28084 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {999788f9-e216-47b8-ba1e-fc4b286d4f94} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5824
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 17 -isForBrowser -prefsHandle 5708 -prefMapHandle 8208 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc144f59-3c89-48d3-b8c8-a0c92e431228} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8476 -childID 18 -isForBrowser -prefsHandle 8324 -prefMapHandle 8320 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca87987e-0e8a-4444-9bde-175a24496dec} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:4452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8984 -childID 19 -isForBrowser -prefsHandle 8992 -prefMapHandle 8996 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {919203b6-c298-4a0f-90f4-d5c428274b4c} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2828
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7524 -childID 20 -isForBrowser -prefsHandle 7528 -prefMapHandle 1292 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3db2a09c-5bba-46f3-ad34-d5108ff5dcfe} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:240
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9324 -childID 21 -isForBrowser -prefsHandle 9344 -prefMapHandle 9340 -prefsLen 28328 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c3c3f537-1c4b-4402-a864-09aeafe030e4} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1736
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9692 -parentBuildID 20240401114208 -prefsHandle 9296 -prefMapHandle 9272 -prefsLen 34251 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e616cc9-6f27-4857-a1f6-7eba312dfb2e} 848 "\\.\pipe\gecko-crash-server-pipe.848" rdd
    3⤵
    PID:1172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9668 -parentBuildID 20240401114208 -sandboxingKind 1 -prefsHandle 9872 -prefMapHandle 9868 -prefsLen 34251 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7162fbb0-4122-4352-af27-05fa6db4584b} 848 "\\.\pipe\gecko-crash-server-pipe.848" utility
    3⤵
    - Checks processor information in registry
    PID:3232
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8788 -childID 22 -isForBrowser -prefsHandle 7220 -prefMapHandle 7264 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3cf86d5c-ee7e-4175-b95b-d46350f97d26} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9768 -childID 23 -isForBrowser -prefsHandle 9764 -prefMapHandle 9772 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c96ce922-845f-4ea1-9828-f93935b9821c} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5508
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=8720 -childID 24 -isForBrowser -prefsHandle 10392 -prefMapHandle 9036 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a01fa41a-fb5c-43ac-86dc-b2fb739d955d} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=7232 -childID 25 -isForBrowser -prefsHandle 9160 -prefMapHandle 10140 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {98e58f93-fdf6-4678-922a-c8eec4fe2fd3} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5816
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9460 -childID 26 -isForBrowser -prefsHandle 5148 -prefMapHandle 6784 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e610505f-1490-4aa6-b85a-79ebc483af4f} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1428 -childID 27 -isForBrowser -prefsHandle 8716 -prefMapHandle 8912 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f78ca1d4-7cb4-42f5-b18e-250d8af7f484} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10648 -childID 28 -isForBrowser -prefsHandle 8112 -prefMapHandle 4240 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {deadc27a-f2e7-40cf-b5b8-5f887b4ef06a} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5668
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10708 -childID 29 -isForBrowser -prefsHandle 7448 -prefMapHandle 9240 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38246830-e042-476a-a7a8-a7fa6a6bc28b} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5936
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10408 -childID 30 -isForBrowser -prefsHandle 9260 -prefMapHandle 8984 -prefsLen 28378 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fbaabc0a-3da6-4bf1-b301-7e5f08ed16bf} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9400 -childID 31 -isForBrowser -prefsHandle 10244 -prefMapHandle 448 -prefsLen 28609 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0a28696-ff18-43fa-8875-90c7ff5589d5} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:2996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 32 -isForBrowser -prefsHandle 7344 -prefMapHandle 7348 -prefsLen 28609 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3273490a-b7c7-48e9-b057-a3a20392e3f0} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=10332 -childID 33 -isForBrowser -prefsHandle 10360 -prefMapHandle 10284 -prefsLen 28861 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1f289670-b8ef-454b-850a-38c116a13d7e} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:5476
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=9204 -childID 34 -isForBrowser -prefsHandle 7232 -prefMapHandle 7356 -prefsLen 28861 -prefMapSize 244658 -jsInitHandle 1156 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6b66b808-7fef-4fbc-9666-35a24377466c} 848 "\\.\pipe\gecko-crash-server-pipe.848" tab
    3⤵
    PID:1616

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x2dc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2348

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
727B

MD5
7cee97009eeecdc0defbe409745710a1

SHA1
602bbfa803554d23fc66e7d29bd6cec235b70e1d

SHA256
f69859dfa31b74280e63c2d50afa86da97632612fe2389d8226849d86a967b0e

SHA512
9e8265c7e8c8b4dfb238a3cb407c9a7b18f2068491c35547edef6999840005029de588ed5826c8b382dbd03510c788f7627c42b1711f3aa30bc3bbfd22e3477f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
404B

MD5
759b3652297430ae22bcf8a9e62451bb

SHA1
0220598cd019193ba22d7175a18b975cbd1a48e2

SHA256
5d8a008abd056968f0235bb4d682225915298384c3173c3854c12e330043d285

SHA512
885ded1bc1f34c4a677a5c1f725961bb497188c974616c9ab39b50e77d2327fc358f1b6aa39114c141f0b89988a160b2104d5a38312dca90320aa48e6288b8d5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
7d8701da391b8684707f85faf1b116d7

SHA1
2c475add0d34701c79a3386ec9b371ea2ff2bbad

SHA256
0d64e15a1da8ea2391c74af0e5fe86be0821d4862338181df06068df06ea17db

SHA512
01f0241aa183810afb2ca2637d853a7b41e3370df59a60b461d1e618038a5a9f8fa72c66c571e499bd333e83b864686ab5094047c1385284bd389e64a9699d7a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\03AAB6E1D0EF1FCA0C1870E83EBF17F2AB9DC34C

Filesize
1.8MB

MD5
33d3ed73b71aca79d0a6c7433ef53382

SHA1
02608a1d6935ff2734ca8c301a00dc9a3f152657

SHA256
4cd24b7b19c73c2fa5dbf7a83397ba6bbe76204bcee67b30e144c74dae9654d8

SHA512
5eb81b0cd006ba2e26224c073f6b75106f351593a4fcdc9d6e49be57b42fc1f6f09685c6a15d08dc99c7f1142ba31f2ab0801352f77d24916c84f95128dca527

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\05A420629D8120E25E9195B92AD1CCEE335E48D2

Filesize
130KB

MD5
524bd4abfa3f82ecd06e503254ec80fc

SHA1
2892e161d0320187b32b825238587e0f9aab25fd

SHA256
4656dbf6a56a89063fea319c50fe3d9e7138c81faeae92630c3c83968829a4c0

SHA512
986db09c8031c1497f317122e0f4b9aa90c71a812d6a6ece4fc11c55b9cfd45c2c217e8ab3e23ae778dd86f7004e4de0ac1b456b5a06ad59e1d5adef11ce1589

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\0B10D3203BDFA5E041F906A15FCBC771834FAC9C

Filesize
26KB

MD5
7e78e2d67324a141df02cdf7c1d8d461

SHA1
4e2fd2cb52288abe77b444d15673e4e6f4d1ca36

SHA256
307c8c3ebd44ec510261bb3bae09c9dc6582d4db172f50713dd4f6af53a62e9f

SHA512
01888b8dcaf06ed7087d876847158569754687d6b75abfdeb858da67a167c6a62b2946e82d38450dc4dea55e727ff3c9e093c068389ce472fc6224a5cafb84af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\11A61B087C137FD957DAF4E05FF596CEE560CEF0

Filesize
14KB

MD5
4d25b7be45a499931877fad7dfa8cab4

SHA1
9b78760bdb37e51e587261289a713ea131e68d59

SHA256
5103ffc6b81538803ab407f39cbe02da3ac0ec2eaa7a7df7c4a9baee5f3208f5

SHA512
399a0d0aac8acbda331805940afd323c4620e914787ecc39cbddaca47ccad25b8e76d5b7693306fb31477b0ceb003d17633091b2b7b75943addce250dff64fb4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\15E2520F7DC19A54229F87614DA6EE2B0FDC29A2

Filesize
36KB

MD5
2dbd472244fed52dffec9cd921397d1d

SHA1
aafb43fbb4adc5865db36330b1ac2fa900cc4cab

SHA256
a0f3c124da4faddcd9ee325d431a98f22bcfd29e5b68a33a1aea7f0fd2d5d34d

SHA512
4d559dd8c4d2231f80d010418e3861543d31246a8078ed7410110931f48b5943f1d0f2a5a75cbcb88008db44d7364ee3c2c00019f3e31ce27dafffb594214b21

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\229E582A375410A934EE5E29E40F927F172AF372

Filesize
36KB

MD5
9c39f81f663c621f3ecdf43b3669f651

SHA1
7d6a1b1e4c8fd9270c97b06c3666ef93f015508e

SHA256
eb5f79a19685e76133df76de22466f70e6be61e53f7f16b371c5f140509441ff

SHA512
d07dbf17109ee8e0b0d04beaa5a47129a6872cf3f04be381a27cf1ff4363cc3ad6c4541dfb1a89a4a43437fb624fb45e17f3c4eda99cbd6e43d3ce0fab398099

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\2BA8D50BAAB027C18285F56256934D05B106DD59

Filesize
31KB

MD5
995bb25274d7059b374a84e650b595d8

SHA1
efacab990668c68ca8641490ac4a2ef1152bcfc9

SHA256
ef96753dde90f0890ad55cff80d347c261e613bdc0c2d6aba83a8bcf1fe73c46

SHA512
9650185f90d2597da36d8886cd68a02b685e97810a314c7101026af3212b6902057dad437dbd8be7705acb2f0cc5b27e2f825ef5d3a9d2374da375b028c431e7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\48FA8DA926662EE08B5DB917E616E4E27EF1673E

Filesize
456KB

MD5
3474c9245cab80e460635654470da797

SHA1
561c31dfdc177741d3ec1178a5b6437880570c4c

SHA256
028267de50cba51b8b9f32a75b247f6926b6b44fc4889f229c323af28a9054dc

SHA512
3b374dbf9588a3f6f2f503a57ffcf4223ff6cba7f0a3249d595a5bc75b205b5f36d20a103d5ad0de12d70cba73a07d4078fbe7a72d7dcac60811edf9282aef1f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\4E659736282EBBB9FB2DC0828914DF35032D860B

Filesize
37KB

MD5
249e381f0033205f64b4b04f6bca5bac

SHA1
6a464b28030c7ad067abc242ee65aa1172a81722

SHA256
af72cccae2578097480f70843e3272e3b6f29e4079d9a6b13c51a0d18be1a08f

SHA512
068a247b39d2835f959f56f5aa011d98ab656621dd8966073cac5500f2d621fa33a126fed0c5ea9b6b16d539e7a5696cb392ce945a3f4a62cf44de6eb8c202a7

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\66DA2CBDA410D3D7AC40817DB5C83468D25CE94A

Filesize
17KB

MD5
e0d950e58b4221ad7ab6ef5e35f7cb14

SHA1
d1770e0a395927a5cff66bb5fdca36304d778df8

SHA256
ca8d8f259c3192defe89de9ce3a7ca7d6f283b0528c17cf1f071f80303330cd3

SHA512
b460721a40ccf0b952be9a1cc0e9aa1709dafb4616849305fcf4925938ae2877a5633b0f2301deb2747a18118ea9b3f101fc9e78de24320de3b8b4b1c9a56831

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\9311AA2274A340C3F1C7C6C1838A86FE8EB4B767

Filesize
17KB

MD5
3d414ac8fa05bf1bbabec7e484305f1c

SHA1
06b08b9d07940edf659863ca44491f401feb3b5d

SHA256
c9a3d8ae3881f2e60ffed0fbee845111255854649fe99ee7b33cf0897188c53d

SHA512
9c1a22eb4eef5a230f7afc554621b20f4749d06e6f90a164a601e8b16b5121c0fbdbb91586d48cea907ac67894b6c48bf45d8f96fb951ae77a208501d5d9e8b5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\AD700845F05F37DADBF2C6CA3DDE5D0A94DE11AE

Filesize
224KB

MD5
6de6b5dbb3f7a89a505f0d7866c7643e

SHA1
5aa9252c02aef8502f610c8d73cb52811ee0a653

SHA256
19b5ab8624457e49c26b4197ed4d24ea86c7d67a1667a9725ee6aa6ef352cfe1

SHA512
4e7010aae3a65db0676a16beaf203dcbf8f3995472ced8f3eb1ad06707bf53f3eea2579f3ffe4cfb7442ff1cbc7e5a103aa93f725282c6b52b9ebffd328ee36d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\B6E75C814BC170D9C14DF212191B1DDB421F6EDF

Filesize
119KB

MD5
d8576d4f438719fdd489cb86294c45bc

SHA1
e9799ea6ef25ab6367b590cbc8c752be761b122c

SHA256
4ba382a0fb543950bb5927e354d6e978c7a0c9ff4c2b2a222cad0aa132980eab

SHA512
f869dc721525e6013800240f66815d494e4b1a5496dd630d3b817cbc653e359d028cbec85ddbf204198c225f1bc1c3e6b0309a7a4219afa9ac87fbe4c310b3ce

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\C67EC1485A6912737D026DB0F507580E7CF0D0C6

Filesize
224KB

MD5
7ff3b94afa66517c669b0d0762110138

SHA1
bd976056053de84d50d8a5021e8dfe37cd7636c7

SHA256
f75263ca13dec6e98676de7949368b223f9d61078474a8f1be039c7e3d689ac3

SHA512
9f4f9898cb753fa5783bd059bd09e05ce096fc54a8cec4120b93140e9390fea1e0e3a99f71f344ac6ff94aff06c322c388164b00533196442586ac4c7528d069

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\CFBEDF6D98A00B7B4A38BDFBED0BB8C497B14721

Filesize
12KB

MD5
547d4820b9f246df7479f02b34f7e60b

SHA1
2ae9b23ba3361bdaf70e051e250f97626f926ab4

SHA256
5a1c33ac6559c3d4fd5be37dbdcf797f9305ec18aa3dbb8cc01e748d66d5c439

SHA512
1d7be9d71d0eede5064f498b65478554be4e9018d46d2c4405ba1afde3e1237f699e728ecd631b821f59a23d369ac6165f7867faa9994cd3e1d32410e1363c25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\D097ADD2850D814D07863EF47CB6939928D37CD2

Filesize
1.9MB

MD5
dacc851116d23e379bc4082b8144641c

SHA1
5e1f5d617c8e3d14c6961c1534ddb529718edced

SHA256
74e8f6c4ee362dc998ab43012ec30e0c2a781afdeca382956022b0644a4ff117

SHA512
f23b44620dd4118baf657d6b0dc5cef16579d7dfe117557e79672fb7e98449e7b5b795fa99df7cb98f1495d56102eac91413ef42e659acb19ed3bf6bb4bc38b6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\EBA19E45B99999F7597E86B83AA8D2505F50442F

Filesize
22KB

MD5
37bc2bd97b0c54dd4c07f16caef0be2c

SHA1
c8a58c1c2ab95f3d01c50d9d47b773a1e5390a4e

SHA256
39f6df7eb334f3cb062fb8927c9210cdc47b8cc217e0ec66080a1ce5d33811a6

SHA512
5bb7127cbb4e5c70c10f54fc6a08267c37953b37963c062f06e0610a578abf5a62e08d2081605d79cb0e59999a8f266ca8b51adbe268d3fdc0e1c213c76bdcb0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\l2vosokn.default-release\cache2\entries\F2DE722A20BC2200BEDB3F597AD856D5ACCC65B2

Filesize
17KB

MD5
f7ec41b41b99927a9bb9412d8f315324

SHA1
623aed8f21262e7ad6c5c5da2e6c1e1d7b88f053

SHA256
8e64d4988b40929269158ec47c894cd13d277b699a478ef82aed27aebf28c5db

SHA512
df569477e476b49f152ced2c406af0f03754e1ee03846dadac3cbafc1474e23dd79c6e0e8ee40057cbae9baf7a463bc8fa4664779d7e974ec6a9f7010b1d0844

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202501141553431\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS487EB578\setup.exe

Filesize
7.3MB

MD5
31824cf3d0d413089f861f703997857e

SHA1
3f9f8b948abf1c5f968444f0b2fa6ea64d74c344

SHA256
71e528e4c023b2acafeaa8551c691f83d563abacf534a05d2d3b9d10ed02fbe6

SHA512
70f4d0b5721ed1f785f31082f59acf529c847489824301651353c3aa079d53d4b8e77b1a86df4adc3b35db4731ce2d0bc685fbfa6899dc03702d673c9fd7288a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501141553431186120.dll

Filesize
6.7MB

MD5
5614930f6f984c8f2e36ab2df60a0bf9

SHA1
495a0e214cf5b97336a0bf7d419a0e6f08b271ff

SHA256
a0f1430b90e328b644e58446b716366449696fbf8a10e2bcd804fd4ea2bce542

SHA512
bd43755d662be76e3b15ed3fe1c1f25974b9a57d93c09b15732efb2c9ebd2b411a92c216062f6b28f0187e11d2ed0ccc2657f9ac878e631bef11b409b5948ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
61a35e10520b8c0edd7d6864e753b6dd

SHA1
a2da16b3c2c2f1eeb9d7ac8f7b641b51ced93a37

SHA256
0f2d0ef1868d244c495570a6b47b34e8b8f3d0dd8a091fd516d34b92fbb1da61

SHA512
c5d1b6e71ec741d91105c8e134e160ec49df2aebe82c8c056b17b0965a3361095e792e79f82a1431e903380eab8d5b58ebf6b186de6a193d75cd3a07370a5dea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
986fb820e9905365049d392d29be95a1

SHA1
72d4a06b433cc0eca3136e848ba39c6031a0d634

SHA256
659e458b1a5a9045ed4e51ac80cd0acef592fdcef226b1a267e25686d97ba21c

SHA512
436a69d28d51c70aff81b94f43489d474cd5b949e334f2270179b1272c4712ed1281d659c66342e1837b9c9803f8bcf4abd7dd56c88f65c3ccc37068f11a7f92

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
22KB

MD5
100ee726d61fc1fac75a8aab419dbb53

SHA1
d024b8c49df558c22c0b74ba824b8c25d6eedc69

SHA256
c73fa97ee00c83313ed29e5b09c4c3370d95f3ea8a2cb7a80f833cc418c5fa3f

SHA512
e127723c0f0d9f39d8eeb6f2a1cb0d65b91861f990724d1818679fd15a1b76e5a0a477ac1362350cefc536af40d0682c1a37fd1417639c1ac5ed3babced912d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

Filesize
8KB

MD5
334fdbbfae5ddd267e574b8a36efe329

SHA1
f3201c2e5646fceacc0a6c121f30dead9d17e4a9

SHA256
bd5f647341e9ec8d0ef329cf74c1ae047347ffb6ba017500873de7e8d1ceeb60

SHA512
9dc9de2695ddb4b977c0391b78ffa35692af846ef8354ea2d2c3e42ccdb6976e945af0cdf0fac36dbf64b4e0bc19815009e620145fd01406c4c12d824046af4c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\AlternateServices.bin

Filesize
12KB

MD5
3dcadb65bf7f9cf7a85ef74b46186773

SHA1
6554ca427a49a102a3eb274ca1cceb15c8a1a9f7

SHA256
f965d702d578d22e31d2ffe966247b6902389e5b1b1151526a8a5bf62f8805a0

SHA512
28804f6db5327fbc78fa2d60434e6c8a1edf09ebdeea24a6a9c085a6a11dfa52e7d25e7bcc9b885ef2c7f3f55e1abe48bba7c2f26d602362d337425b42fdd6d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9b67ff4e46351a9ebc6f6d4a614df1dc

SHA1
f5f30ae4836c8b6c8649c58cc62130b2880d8013

SHA256
a41895b1fc3c307264398e0da0af2c1a22f6a0ad8a96f9ec641e249b6d638cd8

SHA512
d76ee694155ad74ac38565d938a6d15ea1e9fa97112bc07a7b61d17990eb05a6ab0723e11bebc98a22a0ed7dba4b0fe2beae6f3f38e6fd2da66283462893e976

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
55KB

MD5
6821b880035f7a289fd6b88dc56dcaf1

SHA1
b8f7cc8eda3a4559513b255f90d26f471b4581bd

SHA256
85184911a81f62b6cd9496241231c25bd516f974f42132110748249f5779e2d2

SHA512
d65a28465048890c4716128ccc7f717fd0a9f78070aeb3393abdd80df04e820858b06398ef3e809f72b8af2befdcb686a5706fbaa410f2ebcf902c56834cbd73

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\db\data.safe.tmp

Filesize
58KB

MD5
1197e0d3512de42e820aae389b2e2c5f

SHA1
008ce7f7f2e36fe3b7bd6e45145f83cf3d8d4105

SHA256
34161b5a109804acb5c38119cb0c93ef0683b816e085b6fdcb65dc1b5d031163

SHA512
98db499c07b7990aae56995ead24494d007dad657459d6a04b842ffa086dd7d5d2c2b57ca60a155f14dac616be55bb04da2d622f8edfed2eb9a7b6afe774cec5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\08618671-3562-49ac-9ac4-519120e28cee

Filesize
24KB

MD5
096fe7222b020c7b479a964d1b4cf9b9

SHA1
b54c589ce381234c3e13149d5c3885d2dccd0ac9

SHA256
6f1d78a91dc57614ac6710adba4d5f5d443618051461eee3799fccfe105d5551

SHA512
f25ddfaf5b42a0685c2b26fb1f8e22818be457edff7e86392bfebfd15d13efc940869382922e1735a1b91cd59ae63ed66b2c262dfa9f5f7f9663dfc1f182fde2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\13cc48ec-ebd4-4ff7-8c87-f275cf4864d9

Filesize
847B

MD5
8153ff25d997d669179acfe9c63cecc2

SHA1
f1d47ad31287f932c3a42945628f6910a9b889ac

SHA256
6d669371fdb5e543c264e4e83c4e8b26125e03db942bebb9de117293399d939b

SHA512
a2696908ac64cac155e4ddcb2d5b43672b68765ac4b45371c5bf1ccfc1496165a678bc284a4e22a15123f76015ab9db1c1c868ed22c5a2a8b982b4915b0d6805

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\27cddd39-216e-41fa-97db-519b018c2770

Filesize
1KB

MD5
b3194142e50dec9c4be9737215e73570

SHA1
658f4b1206e536e391c94becb98a06e1f86283be

SHA256
a0c68e2805284790a2cbe53eb8548c578625f1648c2bf6867b0d03fcd2c63db6

SHA512
2f395f085756e8f2eab7ba0a4498f45bf09248e38e79fd8b73575121fc09d864cbc52bfb278c4450d1ec67d34c0cbd3bdad16a7b01e668cdaa06909aa60d2acb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e51cc8f4-a765-42d9-9eb8-b7720f05cf53

Filesize
982B

MD5
dde70499b18cdb7569e729402fc76992

SHA1
d6c9a7d85416f070904b0ca4219ba525d00162de

SHA256
ae4b5b24914c01e147d446e7a2bad38c3dadc11d5812b5a3eb6b2d95d7e47b6a

SHA512
2a3d06e45b9051c330e0c5c187822c9b51e958fb91cabcb2e3d8d415d746426de2123d86677803e36f250e1078a456601a2739de0d855264dc88228011d37c12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\datareporting\glean\pending_pings\e67a6e97-b571-4504-8598-90752b7d9cd8

Filesize
671B

MD5
e8f98e116d80ab255049c4deb46cec8b

SHA1
16e3048332d32d4701dfaebebadc858df8188a54

SHA256
674feab2972808170316a5bd1e3b1fadd503b4fae99458522f22d32f9f6e8db2

SHA512
3ff705d1ceb63b48279017370a905ff02a65ca9103b5d5a3f11bc760587b4d21bbcfed78323b6006e0ff40d9441a5a1e9d9fd81ec7ca0b0bd5df215237c76ebd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

Filesize
9KB

MD5
0b8688937d37b3ebeb3075e4901fd545

SHA1
123725a0626479a7c19b93a43b08c5196974b7a6

SHA256
8d685ab7400d9aa9aec372c7da46deb7170c44f3ab8c327a8c7c9b22c3c00b84

SHA512
2b32ffa7d0752044e33125f9c173668a6967dabf03dce5c256e9fa1e2f594df0873c013bc9f78c3bf83829a0103b7f3a041246c77cbf24d180b6d7677e41a322

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

Filesize
10KB

MD5
b1dad26bafd75a61c87c96e5f6c3a540

SHA1
1844e238b176e145eff04341854508278e922f08

SHA256
9a3eccb95a1af5e25079a5c7ec44f9f22aa8aa799ae0098c70b5debb142111d2

SHA512
f4d5045ff86c6dc56b4570be2e113fbfdb278206fbcce8cad728f4b11d7dd78e0a9dd03fd92a9bb52c602dd19578c760a950148e4655fb79b990b23d3a466e27

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs-1.js

Filesize
11KB

MD5
373e6ac92071274bf6dfbc50fd190242

SHA1
14d1affedbbf1bd91af22e4695b3c38ee0173dec

SHA256
05fed01a57d4ea93d58c5a8b0b8c36864a4c9ba71da3f3acb64ff9c20acdc420

SHA512
e322850cd9ec7e00ed95362f6a0c6fd84f0a37e10bce4f23256f4a1c7aa702882ffa63eb617899efa14459b41885326bb4048bbbbf83a0a1e6787b8ea2a8a340

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\prefs.js

Filesize
9KB

MD5
fd2521b83f8fb8ca85b8f0194ba6b4da

SHA1
1a05d4c3769e79469f21b0a73ba1714355dc99bd

SHA256
6c3bd988f34d5b19b5a59630f94eca709d046d4db29a36e05c080d22c95f6ca2

SHA512
d741c5ccfebdfe0bfd56dd274d2cb25b5d1b3dcab1d6c84766660dadfe2041f777d4b65b0ee8e401ae3734c97686c4e425dc233c4852404eb666098342edb439

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
f7e77cc9d0d3a003eac06afc81e446ab

SHA1
3e71ef98cd813f616313f77a080064c50aa79aea

SHA256
53042916ce67b1cdb98f60a6716e5e1221e93244f8c73d3e52d4b9057110386b

SHA512
9fbf6b0442dfc5f9832f82873fba1b5457dc7bd7318891518b38ec2ae119d593de820f829572d27413b9aa2f298ad57a53243610699b109061b48b80dd862acf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
17e2ca0bc666a34723735c048b9ad463

SHA1
b525d369b5f557ac0ad2e4fc572d381d00576e91

SHA256
8684893c8d8ed267e4a58b9a1dd98673a96a232ab0865c8e1fa487a72d6273ba

SHA512
faec43c0d1c08e2eb217b40c8884b3de37570c90b6c060d3f204491019a5b1504c28866ee2019de40ebf809ebac1fb9c3889bf8f8389a3bb9478a11b1ee30b6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
8667f1ab8c1b4de0808a3dcde9683cd5

SHA1
95de019ae6ac1057fe35473982dc8e9a5b3d8be4

SHA256
8f8e603d49a431a466feea0fa30418053626d78eca78544d30f2cafffa03ee73

SHA512
5a0f4f389a4353f988dae07138ae550e38666c06610ea02da0be7acafeb62fdd9c22cff940fbf4f417e13b7531a52b50807ba252d98e7de28d5c3d24e69a36bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
948e68fcbdcd6e5df8c6e85edcfdc2c0

SHA1
d77aecad5ec747136388667d3ef2257a49eef215

SHA256
30a6f70d83fed83eecd7e6e6e3745e117834d14dd97351a3a27c8bf7d94da3ed

SHA512
7b0d63ee37d66286e0c0ca11d9b08374c17f5dde1c8964c8c470ed457fa6e2b868de373d09abd707008b605dd5a081a6c3201b7f494d7630eb894873394a0844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
e19ef432b048ad4c99685feaced8cf41

SHA1
555146b72e24885b80c76bb0830592bc682b70a8

SHA256
ef8f06b8ff576f8d38f83abd3baf300224fccc99705f74b316f819cd20f75ba0

SHA512
1a8a80d6b554c821df7a003098e364c825fb89d4fddeb028a48c720d3849a639ce9c8eda727ae291dd2c882cdf09e1c7fba0932dfa57bebdf92d9d9013a3394a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
84KB

MD5
1b42fdb0e3ad76929e717e9d6e982255

SHA1
6288428855fbec4486b68ac8deee0c844ef47b54

SHA256
298f7279dd55ba63faccdb3f667ec0ac920d6dd408b4bdd5dbdd2892b20294c8

SHA512
68b4d0554e3ab6c15e9a3ce421bd0c54314f492d6519740bee402d85fdd14a7c74ec4a66d4646ed1e07eb9782297b572de411551ae6230e760a13057ebe6e94b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
84KB

MD5
37dbe462dbaad487d469e4f94d790431

SHA1
263a942b2bf4013ad447d6ef0e2af1566ffd7f12

SHA256
2c06cb61a0c8b852104195a25dbcb5174c28fab591e5f7065319a17be93ef105

SHA512
a00e2102c04cf33d4057f39e460f75ea52766c20e40efc0cf9c92efa4d2a91556b5610109314fcd92e691f3174f03deb7e83e9561659b15c7ad28c712b5103de

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
88KB

MD5
01e921181e4e10cdb6f3b061a4536f7d

SHA1
bc886d56d5d2891e1b06599bdf187f8331fb8d96

SHA256
dd0069ffe42b60d409e9dc20062ada5bf8987bf75c34158f6fb2f9f509f2c66b

SHA512
1f9bf97eae48e658ba678e3e701a5a64054b84135075304d265722bbcb3c887b202454cd90a3fdb2c2c5917362f150d4e851a3331296e9709675f87065e97534

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
95KB

MD5
d9bf42f512fbbd958d90950430332cfe

SHA1
5b89c7cbbd7d55e84ed51e882472d8ee66e0eff7

SHA256
3248c9193901aed9e08367e52077525a6084fa883b7c35d71e0f096d7c3a74b8

SHA512
7dc5fe4972ce807870e7b6563e27baa978ae13428457458d6161d9bf1899ff388450b8f06a4ba0eef2c9d85c86623419e8d06d16b4ac23eff4a1580f62f54330

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
67f5fdaa02adead40241bb9b43baeacb

SHA1
66023eae8656a9e620b939d745bae12975bee301

SHA256
b65624ee184f8ec892815f9552bcf9a355f453e14cc85b6bc8bce88c1a8ce65b

SHA512
c3e1bbda12aa67f80598a2ee89e9bf05a754e1c1a8925662a1531ae27890c6972b7541cb56cce734d649d5f26309d905ede5fc32305f1b159228570ea973df6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
ac9e6982063a888d67c9d68a81f5f1fa

SHA1
c87cff29e9e38eac14f71f7a32fc0a20ad3cae9c

SHA256
b34ba2073afb4b863871b5684f698fdcd87209c746e96278416f697f9f5e3a90

SHA512
f8a659638a5772a1c9f4ab4bac7d85312caf66ba4b706cf24d377b3beee2e524e842a55b5a560e67380b91773d251c6b6e15a6cc44eb0f3e3e107bcd5fe526fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
93f673a24e7fcafbdd72f2c6398c3a77

SHA1
e0e87df886ad0ecb067e552d85ecd9d850ba327e

SHA256
a32ba6ef79de37a3e2625587aaceb914b8ed0677c38c559e64674668bb88f000

SHA512
cbccb214d729b43af5ea0239668e890ec52e45ba75436d89734c28dd2a21a02e33742b13892a5332ccc67dd7105584ce08d6ce8911793672d56ecedf7635e721

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
21KB

MD5
ca8db858a1d2511689f360f9be23945e

SHA1
e18f86d5cdbb4d6c880c2eb2d951cea077ebae45

SHA256
c90d314cf1ccf917b81fe0c80320fd4ec54a659ebf41db7918ccf3fc8819c87e

SHA512
f95dc18a7d3cfbe42e1148b57c9d67a42483aac7258ef5c415e59fbcedf2e94b9348c308f382fe9b3bb820d12b3632597b2206badabec0bbaeea6a21ee81a089

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
94KB

MD5
6036c015ebc2886fe2dd2aa99cdb6e26

SHA1
7e0582b8157ef937d248f27336ce9b60d98e5d94

SHA256
459c544f6cac0af885bc22a000e3fce0bf049a01c740436bb4388acd68bc98ed

SHA512
7a5c71327fc0105cc1f1428badb590b1d21e4c34a718d510bfd9d62e7f149738e5eebfe8d4a3ac98f9ad12736f3fa3bf61b965942499d1fe4dca0ab3db41b66e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
84KB

MD5
2c4e7f1c1b3375904171040d0c8415a4

SHA1
18bb501b00363d7f7f76a39597831a019f96c425

SHA256
2a3a9b284b670a92368c682424c724740011353a163a32d9809e2c4afe82ef07

SHA512
91fe687bbbc62c49a095b907230284e27310c97a2ef3132372032b96a99396a5059f48f47aa4213fe5a2ff0b0697c56b616cff286df07fa0506454f7d94f6781

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
39KB

MD5
b2e8b99e8f69e2a1cf8135ab9886610e

SHA1
028c28d07030a279a154a28b1b12d0f1fdbadc37

SHA256
1d920450e3a125842736a2c172638dea6cf4c537c7da5b6d3107aca362367a48

SHA512
1a360f774c78b45a6d0cfa7c8a32669e693b2b285da3bb69c20e453d5ec0814211fb55f5919e8856b14819e310e441f8560684502d3b644cf9846c467e8871be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
14KB

MD5
0a31d1c3ed89b9844bf597ea81bbc428

SHA1
3a6b56d43ad9d3f41ae89544fb041dca45819e65

SHA256
ed70bb20283193914cfb2512ad7266b10a1bd01f00dc9230b02414f79da267bc

SHA512
af5d3e888a792f02ba92bf5b2b82884e7fb5118f3f913a8f7aafa277b9064ef5c7d39f7751c704b9553c42f1b8856b977c0cdd3d965adb9bc946815889d6c5a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
84KB

MD5
2e8f2c68306644110de1ba30bb77b9e7

SHA1
98f3899477c4b580bd6662ce3a5f7ac352c2fb24

SHA256
69e6c15b10fac369f047fb29f31be1c12efa2a71d116e2848efc676675bc0e74

SHA512
806daa223bb699a0898e303f8574928c414e5cdf7618a056012b3ea0977c2cbc6050f987be1a702a08f5b8214efb55656ffe39a6f36688ebd768294c88389e8c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
18KB

MD5
0f4035839aedfd3a90ba646618b99b55

SHA1
63d6c89dfb5cf25cf84c093ef2ca2361c648f132

SHA256
59af1b532e0bec8ea0e70cffd68285c83f2c41fd174abd184c927357c982da0e

SHA512
bbb82d04f9e74714ef64dd1d7506509ec55d698012b2828f4cb290120d8a258ad0e9d4f43b11f23e3a6e23ce9035f07c99e6383f322c591e8365c2823e812456

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
84KB

MD5
19e9c242e7b78b2d342a0f298a47b613

SHA1
e5e4b95d6609d2500388d7cf69d6f52d1f76be7e

SHA256
84f74cfbe3acdae2ca260e8087b14d8a9be2747b831c8cd207662c10340fbc0d

SHA512
88ff72f64ed25aec50d9b4193db12812e174c57b810b712a403058f3657f28d69c382f4c7c8cfaeec9e77c46b7d88a8f7d02ea1cc8f95530c39c0cc2e9d54f65

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
a8261397e8475398d6ab7d54ff259d36

SHA1
9fa9344ca16308ed5d756831cf1a94d266e9e960

SHA256
42a7c1f5e2634fdd82ade6c9c391cb4d88dc573723a26665335c58fc842f722b

SHA512
994d5b317d9fd826be79e9de94a80ade2770f25962827f8a3cfbf30d55f6b4e8620d5edf2635e1eafd940dca78454399e24cf7f8505d46a6200ae938a714f1bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
3874f008b9532dbe4e55ab2d8408f307

SHA1
4b994b78e393510c1fe38651829f40433eb679fa

SHA256
2704915de4f5b09c961ffca22c2154f18ee09bc656d8dee2529baa2044f31c73

SHA512
f0887a7905ea34876026de4a790e3b7a80f3b4f2854803ce2f65ec885e6124f0a29d5a6e4a0c16240e71aeef5d873694cf639b116d16ce441ea5a1df0068361f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\sessionstore-backups\recovery.baklz4

Filesize
22KB

MD5
cb547a24dfcda3781f9350bf53ca06a2

SHA1
5bcfa710a430e2e2c9dd00642bb113f6ce373b17

SHA256
bb9bcbb3a284412e20d9c5f57f90666e969ef67d15b703422902c80350003295

SHA512
f54159f1e5fac562cc3ae417ddad9dd335dcb0c895dbad240dafee375c3b06fb6ce8c9f3e9f8490424afbd157c8cd0c860a7b68af218c09546c8fcf8f3a6b973

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++promotion.quiztionnaire.biz\cache\morgue\235\{2a6c4cde-b2c9-4953-ab6a-bd97d5e575eb}.final

Filesize
212B

MD5
8fdd9147ea94340c77d938eb4de38697

SHA1
294fc8f23b457d9bea094def276e2bb9f1ac7f6a

SHA256
de4a4299fb0fa0e42b3f57f227199c846d360447e8b9e06e81a2ad4839c2ae70

SHA512
a23968caa21aaf8c946e23ba8f93e0708b6873a5a37714575f75bbe21bce358c35cef759ca0e99f2de4538263ba205c960944fc710eb15612dca36c50755fb05

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++trk.nakinu.com\cache\morgue\147\{31238c32-6922-4c11-b72e-60029655fe93}.final

Filesize
289B

MD5
35964edf5079990debaefb1d53eef766

SHA1
3ddf8e1088dc3121a12d57d74a44cefeca7c95d5

SHA256
40d2ffb086dd3eefb2dd38b96f792f5dab0b8d25d8ff25164efbfe01c87c5bee

SHA512
fa082cdb8e7dea51c0f1f42b1c4293627af4eea2a815adb3cc8eb18da4f917ddab7f9449eeeefb181b61368c45f0cf58e32baa1712c9b5d54741eb557eaba013

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++trk.nakinu.com\cache\morgue\53\{40904547-7ad0-4196-91da-5b59de716135}.final

Filesize
106B

MD5
1a50848a2eba76a7803c69b60f0ec203

SHA1
8cb5a7c44ee776a49e3303512a4662f506ed65da

SHA256
bf46dfd6ee37dc1a81960d4429a1c4b5849b32190cf3aadac86f4cbb3b8206ea

SHA512
dcb13f988f16a444756c949d70f788252412fdf4f4f42deb9d7690c10be7db035b9a9ab02a37bfe78b9a8814aed4708bef3040fc1e5b24294b4beb57eafec067

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++trk.nakinu.com\cache\morgue\75\{e8657a59-7d5c-4f0f-acec-1afba13fca4b}.final

Filesize
21KB

MD5
9c5409ae91ccb2f7b25299983a2a657f

SHA1
fc06e135fe5cbd3bdbe7d2d25901d158306914c6

SHA256
21ce38398f22c2b65dbb93f42a6e06a195bd0801050b83003de0790e5ff86463

SHA512
64cbc2e453e9048ebc9d83f4b3da4d60fdee3c8adfffe137393966ac22d8218eb0dd5f048a8c7b8209c9f3cd246e727a2d223972ee9e22f1e9f30a5b54a7e9cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.googletagmanager.com^partitionKey=%28https%2Copera.com%29\cache\morgue\220\{e0194bfc-12ce-4e9f-9caa-9ad6e44b15dc}.final

Filesize
11KB

MD5
be8525a9346a1682e36f442d57af8043

SHA1
ad4e1fc3a9359fcbb95ea767f559c6bb2c1dae35

SHA256
3a352ff6e99750eb48c8aabed7c1dc17e7bc07e31386324fcc4d5a829af13ebd

SHA512
ed8097f60cbc59a14c994d8dc42c5b459287625d20642984d3306e7b2aae0035caf80ba857ccfd420c09d72ed449f69022b6937a863cc238296e5a4af8fd8741

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\l2vosokn.default-release\storage\default\https+++www.paypal.com\idb\582030429ul.sqlite

Filesize
48KB

MD5
ae52440d5dd4be06746c538a5ce20d65

SHA1
889599218d433bf2297788d8320c633b5b7838a3

SHA256
3cf9e89fc96e3c5d994295ff32a0c3ede89f6369f6ca5ec911b2b52303a9d9e6

SHA512
86af7af811f9a68367002fc976be23d1bfa7bd2cc51b06969b1473bc3edb2ce8b7d1388e10e5e47c57a4c5178526df334d2264ad7061320affb93ef21fef3907

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
5fcf2cf1c660c54b5180eb64613e37d8

SHA1
c4a5c1960ee8d006315b678d2b3e423bd27b0813

SHA256
79bdfa9dbff6167b065c227ac1f1ba99bec79b33d5c16a4f7e5cfb9bb5421454

SHA512
655899abab37bfd21b4e273487ee0f762676537b371280613e93a54b4ae1dd408ffe4daaaec8150926b7d34bfb6bc4888bd22bab0c3d97c148647818357bb673

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
76c5c7b02e2920bdf8e839ff892e67bb

SHA1
185293553bfc39b28012f95d1c86a95f554c4a66

SHA256
d5cb0610196f929120cb2a44e86b27eb83e65c231df275a7bcbef1bc5236f594

SHA512
5232e89ef817415acc23940d87c9a648c13c7b11ba592c0bc1ab27886b008a3adaf1a81bfcb1d84a0601cd2797482c86310236204642c319ebc431d7b6e1ca36

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup(1).exe

Filesize
3.8MB

MD5
7e6b200a53b5d64924ca0bd10aabb910

SHA1
696160f2ff7e3342a17c463b59dc338f404d4172

SHA256
6d38a107046888f31c3a9914d12170222bdc169d9a4c485c696bbec16cf768e8

SHA512
ce678cfcac6c4c979c31da9a00239dda984ef2cde2e9c231aea9ce9256f21b45add222941241be102000475534253ff319aedf58e4c3f5e5f735e5be05c0d67d

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.P40a6pi6.exe.part

Filesize
3.8MB

MD5
dfb326af35f3c0e0cbd25ab218254649

SHA1
64eb229362efedeb7d5754815b79243b5d23761d

SHA256
f41b645e8819b3bcc577aa5348dcd3695a00bb0c746334e94507a7d85b666e4e

SHA512
ff0cb436d3f32fe3db8667ebbfcacc8f3aad6dbecbf951e9bcb2dec0111cd2c7ff464ffbfa52f6c7dadd66275e826ae56876cfeb2949f31eb27f33a50846121f

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads