34278d6fd8874bc12cd7498ded79852c87219e7d5d9ca75facfa3deb98089f36

Resubmissions

21/02/2024, 18:45

240221-xeasyaea37 8

21/02/2024, 18:40

240221-xbnwdsdh48 8

Analysis

max time kernel
136s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 18:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fortinet-7.0.0.0029-installer_jLa-0t1.exe
Size

1.7MB
MD5

9402ecd688bb22ae501ee75565e15b4d
SHA1

5671c2706b73f9a68c20a8b41702e9fd161ae240
SHA256

34278d6fd8874bc12cd7498ded79852c87219e7d5d9ca75facfa3deb98089f36
SHA512

f43256d5e52750269679f95311fb097c555f92c0e61779f29e2a2d4dbc55c91c8dbb8fad8ecf5c0643ce650b7e85053d065a1f5779b3a463868a2fa92e294ec0
SSDEEP

24576:C4nXubIQGyxbPV0db26WKas4/Xnna2AVFwCGRjICE2lfWW0qXgoW1zSB:Cqe3f6mson6fNCNltv

Score

8^/10

persistence spyware stealer upx

Malware Config

Signatures

Creates new service(s) 1 TTPs
persistence

Windows Service
T1543.003
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 8 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0006000000023230-113.dat	upx
behavioral2/memory/3444-122-0x0000000000C70000-0x000000000117E000-memory.dmp	upx
behavioral2/memory/2196-142-0x0000000000E90000-0x000000000139E000-memory.dmp	upx
behavioral2/memory/2196-138-0x0000000000E90000-0x000000000139E000-memory.dmp	upx
behavioral2/memory/5020-150-0x0000000000C70000-0x000000000117E000-memory.dmp	upx
behavioral2/memory/3596-166-0x0000000000C70000-0x000000000117E000-memory.dmp	upx
behavioral2/memory/3444-309-0x0000000000C70000-0x000000000117E000-memory.dmp	upx
behavioral2/memory/112-310-0x0000000000C70000-0x000000000117E000-memory.dmp	upx

Downloads MZ/PE file

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe
File opened (read-only)	\??\D:	OperaSetup.exe
File opened (read-only)	\??\F:	OperaSetup.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2132103209-3755304320-2959162027-1000\Control Panel\International\Geo\Nation	fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\McAfee\Temp2737255938\uihost.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-sk-SK.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-es-MX.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-sr-Latn-CS.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-da-DK.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa_install_close.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-ja-JP.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\icon_complete.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\icon_laptop.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-hu-HU.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\browserplugin.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\resource.dll	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa-common.css	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-sv-SE.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-sv-SE.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\browserhost.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\resourcedll.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa-ui-install.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-da-DK.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-el-GR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\servicehost.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-pt-PT.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-pt-PT.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-en-US.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-fr-FR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\eventmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jquery-1.9.0.min.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\mcafee_pc_install_icon.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\mfw-webadvisor.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-fi-FI.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-zh-TW.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-nb-NO.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\mfw-mwb.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\settingmanager.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa-install.html	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-cs-CZ.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-sv-SE.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-cs-CZ.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-tr-TR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-ru-RU.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-sk-SK.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-zh-TW.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa-utils.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa_install_check.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-tr-TR.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-zh-CN.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-zh-TW.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\l10n.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\mfw-nps.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\uninstaller.cab	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-fr-CA.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-ru-RU.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-sr-Latn-CS.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-fr-CA.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\wa_install_close2.png	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\webadvisor.ico	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\eula-es-MX.txt	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-it-IT.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-ko-KR.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-install-pl-PL.js	installer.exe
File created	C:\Program Files\McAfee\Temp2737255938\jslang\wa-res-shared-ru-RU.js	installer.exe

Executes dropped EXE 10 IoCs

pid	Process
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
4292	saBSI.exe
3444	OperaSetup.exe
112	OperaSetup.exe
2196	OperaSetup.exe
5020	OperaSetup.exe
3596	OperaSetup.exe
944	saBSI.exe
5552	installer.exe
5780	installer.exe

Launches sc.exe 4 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5916	sc.exe
6036	sc.exe
6992	sc.exe
5616	sc.exe

Loads dropped DLL 5 IoCs

pid	Process
3444	OperaSetup.exe
112	OperaSetup.exe
2196	OperaSetup.exe
5020	OperaSetup.exe
3596	OperaSetup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 2 IoCs

pid	pid_target	Process	procid_target
4436	856	WerFault.exe	86
4544	856	WerFault.exe	86

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\	fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 040000000100000010000000e94fb54871208c00df70f708ac47085b0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b81900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b4200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 5c0000000100000004000000001000001900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c040000000100000010000000e94fb54871208c00df70f708ac47085b200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 0f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c0b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000006200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df8653000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c01400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b1d00000001000000100000005467b0adde8d858e30ee517b1a19ecd909000000010000000c000000300a06082b060105050703030300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b8200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EFC31460C619ECAE59C1BCE2C008036D94C84B8\Blob = 1900000001000000100000005d1b8ff2c30f63f5b536edd400f7f9b40300000001000000140000004efc31460c619ecae59c1bce2c008036d94c84b809000000010000000c000000300a06082b060105050703031d00000001000000100000005467b0adde8d858e30ee517b1a19ecd91400000001000000140000001f00bf46800afc7839b7a5b443d95650bbce963b53000000010000001f000000301d301b060567810c010330123010060a2b0601040182373c0101030200c06200000001000000200000007b9d553e1c92cb6e8803e137f4f287d4363757f5d44b37d52f9fca22fb97df860b000000010000004200000047006c006f00620061006c005300690067006e00200043006f006400650020005300690067006e0069006e006700200052006f006f007400200052003400350000000f0000000100000030000000c130bba37b8b350e89fd5ed76b4f78777feee220d3b9e729042bef6af46e8e4c1b252e32b3080c681bc9a8a1afdd0a3c200000000100000076050000308205723082035aa00302010202107653feac75464893f5e5d74a483a4ef8300d06092a864886f70d01010c05003053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f7420523435301e170d3230303331383030303030305a170d3435303331383030303030305a3053310b300906035504061302424531193017060355040a1310476c6f62616c5369676e206e762d73613129302706035504031320476c6f62616c5369676e20436f6465205369676e696e6720526f6f742052343530820222300d06092a864886f70d01010105000382020f003082020a0282020100b62dc530dd7ae8ab903d0372b03a4b991661b2e5ffa5671d371ce57eec9383aa84f5a3439b98458ab863575d9b00880425e9f868924b82d84bc94a03f3a87f6a8f8a6127bda144d0fdf53f22c2a34f918db305b22882915dfb5988050b9706c298f82ca73324ee503a41ccf0a0b07b1d4dd2a8583896e9dff91b91bb8b102cd2c7431da20974a180af7be6330a0c596b8ebcf4ab5a977b7fae55fb84f080fe844cd7e2babdc475a16fbd61107444b29807e274abff68dc6c263ee91fe5e00487ad30d30c8d037c55b816705c24782025eb676788abba4e34986b7011de38cad4bea1c09ce1df1e0201d83be1674384b6cffc74b72f84a3bfba09373d676cb1455c1961ab4183f5ac1deb770d464773cebfbd9595ed9d2b8810fefa58e8a757e1b3cfa85ae907259b12c49e80723d93dc8c94df3b44e62680fcd2c303f08c0cd245d62ee78f989ee604ee426e677e42167162e704f960c664a1b69c81214e2bc66d689486c699747367317a91f2d48c796e7ca6bb7e466f4dc585122bcf9a224408a88537ce07615706171224c0c43173a1983557477e103a45d92da4519098a9a00737c4651aaa1c6b1677f7a797ec3f1930996f31fbea40b2e7d2c4fac9d0f050767459fa8d6d1732bef8e97e03f4e787759ad44a912c850313022b4280f2896a36cfc84ca0ce9ef8cb8dad16a7d3ded59b18a7c6923af18263f12e0e2464df0203010001a3423040300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e041604141f00bf46800afc7839b7a5b443d95650bbce963b300d06092a864886f70d01010c050003820201005e2bba749734445f764828408493ee016ee9a1b3d68025e67be4bc09913d0ffc76add7d43020bb8f60d091d61cf29cef781a2b943202c12496525202d0f3d1fcf29b396e99e11f8e43417d9a1e5bc95d9a84fc26e687f3747226ada41bd93d3b6a52a03c091e2f1e7bb333b445c7f7acb1af9360ad76aeb8b21578eb836aebffdb46ab24e5ee02fa901f59c02f5dd6b75da45c10b77253f8414eccfa781a254acafe85624361c3b437aa81d2f4d63a0fbd8d597e3047de2b6be72150335fd4679bd4b8679f3c279903ff85438e7312ca20cde861d5b166dc17d6396d0fdbcf2337a182894e1c6b3fd6a0cdaa079d3e4226aad70ceefa47bf1a527ed17581d3c98a62176d4f88a021a0263eaf6dd962301fe99828ae6e8dd58e4c726693808d2ae355c760679042565c22510fb3dc4e39ee4dddd91d7810543b6ed0976f03b51eb22373c612b29a64d0fc958524a8ffdfa1b0dc9140aedf0933abb9dd92b7f1cc91743b69eb67971b90bfe7c7a06f71bb57bfb78f5aed7a406a16cd80842d2fe102d4249443b315fc0c2b1bfd716ffccbbc75173a5e83d2c9b32f1bd59c8d7f54fe7e7ee456a387a79de1595294418f6d5bbe86959aff1a76dd40d2514a70b41f336323773fec271e59e40887ed34824a0f3ffea01dc1f56773458678f4aa29e92787c619dbc61314c33949874da097e06513f59d7756e9dab358c73af2c0cd82	saBSI.exe

Script User-Agent 2 IoCs

Uses user-agent string associated with script host/environment.

description	flow	ioc
HTTP User-Agent header	24	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)
HTTP User-Agent header	49	Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
4292	saBSI.exe
944	saBSI.exe
944	saBSI.exe
4888	msedge.exe
4888	msedge.exe
4316	msedge.exe
4316	msedge.exe
5176	identity_helper.exe
5176	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe
4316	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1784 wrote to memory of 856	1784	fortinet-7.0.0.0029-installer_jLa-0t1.exe	86
PID 1784 wrote to memory of 856	1784	fortinet-7.0.0.0029-installer_jLa-0t1.exe	86
PID 1784 wrote to memory of 856	1784	fortinet-7.0.0.0029-installer_jLa-0t1.exe	86
PID 856 wrote to memory of 4292	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	92
PID 856 wrote to memory of 4292	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	92
PID 856 wrote to memory of 4292	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	92
PID 856 wrote to memory of 3444	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	93
PID 856 wrote to memory of 3444	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	93
PID 856 wrote to memory of 3444	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	93
PID 3444 wrote to memory of 112	3444	OperaSetup.exe	94
PID 3444 wrote to memory of 112	3444	OperaSetup.exe	94
PID 3444 wrote to memory of 112	3444	OperaSetup.exe	94
PID 3444 wrote to memory of 2196	3444	OperaSetup.exe	95
PID 3444 wrote to memory of 2196	3444	OperaSetup.exe	95
PID 3444 wrote to memory of 2196	3444	OperaSetup.exe	95
PID 3444 wrote to memory of 5020	3444	OperaSetup.exe	96
PID 3444 wrote to memory of 5020	3444	OperaSetup.exe	96
PID 3444 wrote to memory of 5020	3444	OperaSetup.exe	96
PID 5020 wrote to memory of 3596	5020	OperaSetup.exe	97
PID 5020 wrote to memory of 3596	5020	OperaSetup.exe	97
PID 5020 wrote to memory of 3596	5020	OperaSetup.exe	97
PID 4292 wrote to memory of 944	4292	saBSI.exe	98
PID 4292 wrote to memory of 944	4292	saBSI.exe	98
PID 4292 wrote to memory of 944	4292	saBSI.exe	98
PID 856 wrote to memory of 4316	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	99
PID 856 wrote to memory of 4316	856	fortinet-7.0.0.0029-installer_jLa-0t1.tmp	99
PID 4316 wrote to memory of 4260	4316	msedge.exe	100
PID 4316 wrote to memory of 4260	4316	msedge.exe	100
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102
PID 4316 wrote to memory of 3728	4316	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe
"C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:1784
- C:\Users\Admin\AppData\Local\Temp\is-JDE4P.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp
  "C:\Users\Admin\AppData\Local\Temp\is-JDE4P.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp" /SL5="$30240,836075,831488,C:\Users\Admin\AppData\Local\Temp\fortinet-7.0.0.0029-installer_jLa-0t1.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of WriteProcessMemory
  PID:856
- - C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component0_extract\saBSI.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component0_extract\saBSI.exe" /affid 91082 PaidDistribution=true CountryCode=GB
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4292
  - - C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe
      "C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe" /install /affid 91082 PaidDistribution=true saBsiVersion=4.1.1.818 CountryCode=GB /no_self_update
      4⤵
      Executes dropped EXE
      Suspicious behavior: EnumeratesProcesses
      PID:944
    - - C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe
        
        "C:\ProgramData\McAfee\WebAdvisor\saBSI\\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        5⤵
        Drops file in Program Files directory
        Executes dropped EXE
        
        PID:5552
      - C:\Program Files\McAfee\Temp2737255938\installer.exe
        
        "C:\Program Files\McAfee\Temp2737255938\installer.exe" /setOem:Affid=91082 /s /thirdparty /upgrade
        6⤵
        Executes dropped EXE
        
        PID:5780
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        7⤵
        
        PID:4364
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\WSSDep.dll"
        8⤵
        
        PID:6088
        
        C:\Windows\SYSTEM32\sc.exe
        
        sc.exe create "McAfee WebAdvisor" binPath= "\"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe\"" start= auto DisplayName= "McAfee WebAdvisor"
        7⤵
        Launches sc.exe
        
        PID:5916
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\WSSDep.dll"
        7⤵
        
        PID:5896
        
        C:\Windows\SYSTEM32\sc.exe
        
        sc.exe description "McAfee WebAdvisor" "McAfee WebAdvisor Service"
        7⤵
        Launches sc.exe
        
        PID:6036
        
        C:\Windows\SYSTEM32\sc.exe
        
        sc.exe failure "McAfee WebAdvisor" reset= 3600 actions= restart/1/restart/1000/restart/3000/restart/30000/restart/1800000//0
        7⤵
        Launches sc.exe
        
        PID:6992
        
        C:\Windows\SYSTEM32\sc.exe
        
        sc.exe start "McAfee WebAdvisor"
        7⤵
        Launches sc.exe
        
        PID:5616
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
        7⤵
        
        PID:5948
        
        C:\Windows\SysWOW64\regsvr32.exe
        
        /s "C:\Program Files\McAfee\WebAdvisor\win32\DownloadScan.dll"
        8⤵
        
        PID:5408
        
        C:\Windows\SYSTEM32\regsvr32.exe
        
        regsvr32.exe /s "C:\Program Files\McAfee\WebAdvisor\x64\DownloadScan.dll"
        7⤵
        
        PID:6040
- - C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b
    3⤵
    - Enumerates connected drives
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:3444
  - - C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe
      C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x2d8,0x2dc,0x2e0,0x2b4,0x2e4,0x71eec398,0x71eec3a8,0x71eec3b4
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:112
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      PID:2196
  - - C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe
      "C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3444 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240221184303" --session-guid=c5593a47-8431-4a52-b3a7-e984a3a1d90a --server-tracking-blob=YmY4YjdjMzRkZDNmMTQwMDdiMjhlZDgxMjNmYjUyMzViZDZmZmVmMTVlNGUzYzg0ZDBkZmFmYjUzZTEyOGE3ODp7ImNvdW50cnkiOiJJTCIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWFpcyZ1dG1fbWVkaXVtPWFwYiIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MjQwNjc0OS41OTA1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzExMi4wLjAuMCBTYWZhcmkvNTM3LjM2IiwidXRtIjp7ImNhbXBhaWduIjoib3BlcmFfbmV3X2IiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJhaXMifSwidXVpZCI6Ijk4MjVlYmU2LTRhYTItNDRmOS1iYTM5LTRkMjNlNmE1MDVhNiJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=D804000000000000
      4⤵
      Enumerates connected drives
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of WriteProcessMemory
      PID:5020
    - - C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe
        
        C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=98.0.4759.6 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2b4,0x2f0,0x70f5c398,0x70f5c3a8,0x70f5c3b4
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3596
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\Assistant_107.0.5045.21_Setup.exe_sfx.exe"
      4⤵
      PID:6392
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\assistant_installer.exe" --version
      4⤵
      PID:4524
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=107.0.5045.21 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0xd20ff4,0xd21000,0xd2100c
        5⤵
        
        PID:5684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://gsf-fl.softonic.com/740/02d/f16d55821e6e472aacb4f28b66430e7394/FortiClientOnlineInstaller_7.0.0.0029.exe?Expires=1694537292&Signature=03b113a6193ec794cd5d824924b6b8d7d7555dbc&url=https://fortinet.en.softonic.com&Filename=FortiClientOnlineInstaller_7.0.0.0029.exe
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:4316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffba1146f8,0x7fffba114708,0x7fffba114718
      4⤵
      PID:4260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
      4⤵
      PID:4936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
      4⤵
      PID:4340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
      4⤵
      PID:3020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
      4⤵
      PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
      4⤵
      PID:3048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
      4⤵
      PID:4088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
      4⤵
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
      4⤵
      PID:4188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
      4⤵
      PID:2600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
      4⤵
      PID:2340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8
      4⤵
      PID:5160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7288 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5176
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7052 /prefetch:1
      4⤵
      PID:5328
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7048 /prefetch:1
      4⤵
      PID:5320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
      4⤵
      PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7360 /prefetch:1
      4⤵
      PID:5492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7352 /prefetch:1
      4⤵
      PID:5464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
      4⤵
      PID:5936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:1
      4⤵
      PID:6020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,3402238535993587754,4151244379294987446,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
      4⤵
      PID:6028
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 1660
    3⤵
    - Program crash
    PID:4436
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 856 -s 1820
    3⤵
    - Program crash
    PID:4544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3492

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 448 -p 856 -ip 856
1⤵
PID:3264

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 548 -p 856 -ip 856
1⤵
PID:4456

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:5976

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:6240
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  PID:6064

C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
"C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe"
1⤵
PID:6528
- C:\Program Files\McAfee\WebAdvisor\UIHost.exe
  "C:\Program Files\McAfee\WebAdvisor\UIHost.exe"
  2⤵
  PID:6608
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c dir "C:\Program Files (x86)\McAfee Security Scan" 2>nul
  2⤵
  PID:6892

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\McAfee\Temp2737255938\analyticsmanager.cab

Filesize
2.0MB

MD5
024e451ca64f06c7054c5ff1d63289a8

SHA1
5c9a65800a072bc20ed6e660551e87b183ebfb53

SHA256
e63bfdce9db4bbf3be28051615c81b1f5f5e1af5b512af5a48c3a8b7e882213d

SHA512
f311ce7c193f8afe11a12d35726e5a2953049641363ce73b0caedf740e337f8bfbc08785f69bf93a6d5b092851c7012372086319bb86fbcbe2722cfbeed790eb

Download Submit
C:\Program Files\McAfee\Temp2737255938\analyticstelemetry.cab

Filesize
58KB

MD5
f4f1873a7f68239272ecb3a92f1a128a

SHA1
288f5295325dc3986269b07f901aa186736bfa79

SHA256
3829fea320ad3c1aea101d47de31f93411114c2b4473fc75d11a809bdf1906c6

SHA512
4e195d038a83e8d7a0a52f9809c4ab2ece1f934220e0aaf143716bc35e8a8d682b101a42d218f00646a282bdf87cec73ef4211662ef56ca5caea691521fd8000

Download Submit
C:\Program Files\McAfee\Temp2737255938\browserhost.cab

Filesize
1.2MB

MD5
0c693c6f86339af4e5373bf2882733ef

SHA1
e1b19d022b2e7abc4912979208e926cc53e0e990

SHA256
3dffaab4c4d8ca047a24e5eaf50bfcc2eb649e8eac7d292adfca4683b687b071

SHA512
fddfda39c795614779a93deb2f3579eb7df3dbe597ca5da50648c44f7a5d6aa26661de85c18f3cab9cb9b03fd677779572819e2b274a19934c010b7a108d7307

Download Submit
C:\Program Files\McAfee\Temp2737255938\browserplugin.cab

Filesize
2.4MB

MD5
ea0f8a05985632ae3a4f771ab590214c

SHA1
5667909870a9d83cac91f91af0b27a63c13fc5a5

SHA256
5cafd6ce55eee51d56f5a55d809f9f078f9c410abc8fd6d08696d7c76364db0d

SHA512
1989a66c2d8f41d674df53a77b0cf695aa91d4750b53d1744ff76569820746b3374f1e5df0cfa9deb94ff3e71c885cd41ddaf05b3d6d437f5a8101a68f0c8485

Download Submit
C:\Program Files\McAfee\Temp2737255938\downloadscan.cab

Filesize
2.1MB

MD5
e941b3c71f00d0e451aa3dece2ca8895

SHA1
4a5a8d9d6749af33320e47969de3d82c6ed719a4

SHA256
85c41b33603d6bb16a8199b2aad183568d9c9ee1393000a703416d8dcf18683f

SHA512
358df0819562ca211a9dc7ee8da38f832a386219b80f2fcc50fe85dde7e81d05c93423fc343fed58928906efff6b53e01a4165e1a107ec90d418d9fa0f062dd3

Download Submit
C:\Program Files\McAfee\Temp2737255938\eventmanager.cab

Filesize
1.5MB

MD5
ee4b92656b6b15a8e7245c5326ee87a8

SHA1
9f31a7b345a43538cdf7f1487c5cc5b0b978e23d

SHA256
c81beefc5d16b0e14a6461aec22fd5987c763a7e863e0d0c4269e57a6f33c271

SHA512
eaf815aa74dfb0e63146a9a6d1e55c9a4fc61681e2ddbc99ac0de2d2ebb48453053aab27d12f7e37ed4e52ae5a90a1d9a379539d0eb46b238b02862c25678f41

Download Submit
C:\Program Files\McAfee\Temp2737255938\installer.exe

Filesize
2.4MB

MD5
9daf36d81b100292bfd1104a310756f6

SHA1
c2a21215b054212591ea5b094a268c612d3f6d3f

SHA256
f8b10a122ff9c932ca97f80e6bcf6f210b8d54599aed029d43a07017073d6bc4

SHA512
b068431bba264f0324cf42e88bc6d13027dec32012dc3a3b7f7e65cba2df196cf68b77e753d87d6d32fb7ae15df8f853e930bd21432fa52404272901a6688617

Download Submit
C:\Program Files\McAfee\Temp2737255938\l10n.cab

Filesize
273KB

MD5
53b2ba2438c18cc602b7601348beb129

SHA1
b95175800086f98062fe011d1435d152b449feed

SHA256
d3cf77bae0af34388d45005b24ac009daab7490b00c9d8b9907481167262eb27

SHA512
b19008619c29a4843f83807e2dd9b402bb3028967e788d2e05bcb52fb64f077c140980d2996ca54f53c1c31688c987974248fc41b45693b8f7909e93d1be3e36

Download Submit
C:\Program Files\McAfee\Temp2737255938\logicmodule.cab

Filesize
1.4MB

MD5
e9c327508f532d8339806b33e741795c

SHA1
38363ce0d6514a12fc489d2b01d5aead322cf25b

SHA256
7f6a32b2cb4e20d9458ce70d5a3c5354c0f434f84682593b5f9dc0f4ddc681f6

SHA512
0705e88bc6c0374273de0ee2a54125371c9b3702efed1ec19c5535dff50ea753f9db0ffaf10edc0cd240a4c207bfaf142c4ad2e65cefdfa02f997506d31be2e3

Download Submit
C:\Program Files\McAfee\Temp2737255938\logicscripts.cab

Filesize
57KB

MD5
d55a19592f1160fed1f7f7ddff36cf21

SHA1
e19a058fa52f3c8635517ce7646fad181a28c015

SHA256
4549a4c73c3ca3898ee8443e28795effd85cddc87d57ac38c5087c53c14f056c

SHA512
70758593cd42aa8be9874cf196e229bb2824e28ef748f9e704c550dae57417299db66fb4965fd2afaa59a6d12d0b9477873bf449c2f2ae1d6e413c95ef77abcb

Download Submit
C:\Program Files\McAfee\Temp2737255938\lookupmanager.cab

Filesize
970KB

MD5
bd6e10cc0f2590433b8457175355def1

SHA1
0a2cff3e11dc8d7204f4ddad42f8230ea0f528f8

SHA256
39a27008c2e6e0f0ae58bd415abfe2c4c74c45b8d0ca506d05786e3e9b3d27e4

SHA512
46b90c72e7401d29c4a321bb9e067cf6cc976d04f5ecba1d797ce538cc310ee389b9f298988d1de4ea4fa0c8834a45b9e1bcbb3881496b4d8e62fc2489cff656

Download Submit
C:\Program Files\McAfee\Temp2737255938\mfw-mwb.cab

Filesize
30KB

MD5
bfc0cadcba91d927561d76bcf8b151c6

SHA1
1fb6ae9629aebcdd54308f72dd8bc43da29dfa5a

SHA256
3c83f0a109a619d1a95633d3832140b4988b787fb78ed11a7ec47f680577deed

SHA512
704278c3b0381a7080ef1cdb8641592a4b2715039388f582121750391989b625790dd307508f1b1e01b04cc11950350aa7b285a980455755b968e547a4d774dc

Download Submit
C:\Program Files\McAfee\Temp2737255938\mfw-nps.cab

Filesize
33KB

MD5
754ec5710b8d2b0d08c2d4e49aeadaec

SHA1
088f9c3baf8c91b3677435c517930b0e33b008ae

SHA256
9778ed9ea19854a4312579c2e595d16f6c5c5645e4e8b91debe7fb582cf78573

SHA512
38db5777d535003cccaef7bebc2a87837a097b4eb725458e0f8b70fbd8854811981af66365bcb5bc3afa1f1f305af365b49926540d167c5001fcc4192e3bbba0

Download Submit
C:\Program Files\McAfee\Temp2737255938\mfw-webadvisor.cab

Filesize
915KB

MD5
4d56a925b39d2aa9bbc2a415be2e1235

SHA1
9fb6ddd87d9586995099fb0c1423553d409e1ad0

SHA256
aaf18dbdef0d5362d2f2789b0dce5e1e91d0fd1fd4d8fef6f88acaf38ecbdf4b

SHA512
d9f670b661cd83988f8092f638fd76474288a7a0ca27d819046e99d9db042e9bfe323676e485c29b3f4a2970a2f7f6aa2a84171997380e3325266373a6c6dbcd

Download Submit
C:\Program Files\McAfee\Temp2737255938\mfw.cab

Filesize
310KB

MD5
a64bb575ff72e6c81d3358d07325fe46

SHA1
03d49603bbb7a5b3d4b96453d20845f794bdb1b0

SHA256
bc48b292f67082e8515149ba81d3064359c09f5c646a7ee8e113940a6b812afd

SHA512
acf2a01d119e518a0de8dd419dd32e270b92a0c89d90428eaf6899d18959a1ea58891ff7ad95ccba14248b0d6a07d6e6f8d25ef7bd5889eb2e19eb0700267cf6

Download Submit
C:\Program Files\McAfee\Temp2737255938\resourcedll.cab

Filesize
50KB

MD5
d452e574c6113a01b3a45d836a15a3b6

SHA1
ec6e41d57bd803347410fa5861e7521dbeec0a87

SHA256
e3e6908b669ab0503133ef8cca2834782dd174be9de67b7c01bff10f953c4855

SHA512
2775ccfa8bb146a1b27d57f330923b8a80fb932a7fc1b3fdcd9747d45fe84fab48cacf593cdb16e33500680c891c8b04d9daa16a7d33ed40b00891be68e7a959

Download Submit
C:\Program Files\McAfee\Temp2737255938\servicehost.cab

Filesize
304KB

MD5
2c91564d2834024d02b0eecaa911d097

SHA1
d9fcc86142edb4c3e32886f82537675a89944dce

SHA256
dd65a1a4042505f4afc1d9a64d6e4bcceb707374137f519a7eb1ff8a96e91d53

SHA512
844ade18bee42800dae54d91dce34f126cc250a02b3e82d280ba5ec0d532b4d294b65ef000c520b8939ba932ebdaf818b2e5bf5c984bc933f048bd0935d77591

Download Submit
C:\Program Files\McAfee\Temp2737255938\settingmanager.cab

Filesize
759KB

MD5
d2c53c06e75e4f64e87eee17b7a43acc

SHA1
b9bd6c8a3e74092cc05d9bfb71d3e8ac24b7553e

SHA256
64ab8e2e8842c1b6f30c98d5ac68ca06d6985bffc214a8c2258fb767f0f657b5

SHA512
b1243e191681de9eca9cfb1a642bb8bcbe2c99df74cf75a5c413221e61fd1ea745dad32b93211b0ad301a091e0d5f1f9b45c624e69e945d877c47801389f54da

Download Submit
C:\Program Files\McAfee\Temp2737255938\taskmanager.cab

Filesize
1.2MB

MD5
272f5284d5b644e843c6c11b09ac1ae0

SHA1
4e74a4013fe005334133264d17c894a56349b9e1

SHA256
d1a6cdfa8153e965eeeee23fa2764b122712abaae5a676b4736dd3355b1ee750

SHA512
d52ce70d1644d0d828474a8c92c8682dda81690e238816ed965407137bd1fdd79ed772eaf82c94f727215306b75682618612e2c3e973ada3f0b6a072fbca3284

Download Submit
C:\Program Files\McAfee\WebAdvisor\Analytics\dataConfig.cab

Filesize
72KB

MD5
eb105c0885ee2e4b9e2734f6f7284019

SHA1
327479f7820d19e6c236dc11f8707efd0d6bf6e2

SHA256
350bf925609830e683e5007dbe8feb4000a0c32a2b991798dc6b84608a2a8e89

SHA512
7e6805c2aabb1b1b8768eaf2c816dadbe78878249ea66eb89dd595fd9119ed0f8926213aa51028337fd1674aee532de301877458b5c7d9c0a2271c32a48ac611

Download Submit
C:\ProgramData\McAfee\MCLOGS\AnalyticsManager\AnalyticsManager\AnalyticsManager000.log

Filesize
5KB

MD5
37b862665424106ecabe292aad694e61

SHA1
adb264bfd790b5004fb9ce9cf4a248606200e35b

SHA256
7aea9d89a9b9e2048e83102e4d660acf76d0b50f1c0c33f6dcb56567346bace5

SHA512
61d6243629f4283454d3b47ecbd559bbeb855a8d163d2d7a25d33a831afd676751ad718a8c06422df66a2c23113cbf8fa0995121496bad08939a22e5535e6a92

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
53df8536929c75ac454ec7853a1d1293

SHA1
110d88a6ce96aa369c335d35e18bbcc0b99f31e0

SHA256
bb8f1a23201c18f4de63ddc24580f719faa789fe6b4cd7f8fba1f132c9d1221c

SHA512
66f510fdcf8ce8f3080d5cfc7c35f7a4bdaf0060d1abf5a948157c5e49866f8fbec1ed1e388cd02a978497043583959e59ed9f6512d37b5efac167aa91d53353

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
2KB

MD5
b44e5bbedd0271c5e92349e939bc1f51

SHA1
4c76ebd4259108af93df3d1931147a16fc20be50

SHA256
a4770355e7ac0fd88df617841b103439f4ce5a6436c16d835024eacaa1ac4a8c

SHA512
a5be06f7950fb4676b94dd104cec60bd26b16e80dc26e50be3b9dd085dd2723646929b8d6fcbcfe97ec0396e935043cbbd98bffcbca8c888fb190b11e6220904

Download Submit
C:\ProgramData\McAfee\WebAdvisor\LogicModule.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
a3deb062dd62a684766d8f27afd6ceca

SHA1
f549543933f9f30c8da5fa279accc54bca6dd9a4

SHA256
ec26ebf4dae546f785aaac887e187783bddd8ddfc718a6b4d2537881f1446b74

SHA512
c65c068e19a83ea37c491b81a8194f79789effdeb8657d6b6aadd5c76b2a5386f16d1cb6d31ec3e4e32b30deb1b676f69932c8301a969a820b8f856038ffd598

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
3KB

MD5
a9ab940b2a0986d13eb9d5069952f648

SHA1
3bd865f844a581369fe4b90c2cd5fafeb7de4a2f

SHA256
5fd1cb9e7c1582c8091f32c92f6617b1edffff3cc1c6639f316766bf2472fd66

SHA512
7b7fab6d34c4334605db827a2659afdc86cc01ba428b2659b40e60957928ba4cd8ba48e1efba1aa4ad11ebae64a0846e436f7640ee58d1b89f71721812683038

Download Submit
C:\ProgramData\McAfee\WebAdvisor\TaskManager.dll\log_00200057003F001D0006.txt

Filesize
4KB

MD5
7ce888d79f5a6e64c1fcd89038b9edc0

SHA1
06f45fc89560d9af64e3a19249f28052002ded43

SHA256
24a1e9869a72bb42effac32d456ccb27c94e776e8b647540ceb4eef8ba9e6a4e

SHA512
db01b42d57ff4c658ba1b07c9c0fda4dc3b8ec915443ab2c8c37fdff06b15f02514c8e6b89495bb6e4a28c3cc08d3d3eaa090ebdb3007ae1fc33004c15b6af08

Download Submit
C:\ProgramData\McAfee\WebAdvisor\UIManager.dll\log_00200057003F001D0006.txt

Filesize
1KB

MD5
ebd6117439365f388f793fe28bc816cb

SHA1
3b58803ee057428fadfa0b01324ba78ae8155afa

SHA256
e8dc523fa61eb5cd08d788bcd129debcb50a70be6193b6b046bf5e437535864e

SHA512
04ce5b13687fb483b2f194ded169cb0f5f595328400c09235ac2b9d0369374d44dff195439c1579fd8f7ffea2428e6931f9493992700f8867c37f831989f183f

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI.exe\log_00200057003F001D0006.txt

Filesize
302B

MD5
99c25a8e17521b9c6d1354eef527e284

SHA1
f874694bcc256a0277566fff7b4b29b24a59ea3f

SHA256
9029a27435c9cd30582ec84c782bfd11468142d49a1d51708c32fcfc1e15f548

SHA512
dd2efff33b31d66ff4a8b6cc41a04326dced7e690eb7e6b1aa99fded2bd3730bb2224fc8843c3405653820a60ac83ba23f0c085dedd45e7f78edb4d7b737cab4

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

Filesize
3.4MB

MD5
15d2b244251950f7e166067be28b1eaa

SHA1
30a7e09b4ea04941e68d3c05b6274cd960293763

SHA256
21ffb2fac0da3ec061c35cac371bd5ca3f5d209bd9a50e0ceb62afeb5f94454f

SHA512
85c6f6623b781c5803c0e5a8e8c0b8cc4fe9b93553761109bd7eab4d2420053482b59217f9f18298a86676f65cec4cae23d3052f86bd5e3caa1f32dc492f84ee

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\installer.exe

Filesize
4.3MB

MD5
14b65b221880aecaeaff84122ac92faa

SHA1
418c067b62e13bea4b03575c6ba39bc626f335d8

SHA256
8fcb13839aed56beaeeb9dd75fb3d313d90156fca0fa9377bdd2519600a9ebdb

SHA512
8f4720d1b207aa885eff3e28ffbc4d0dc18ab65884a24fb7468e2d95f648870c7452810c0aa4f4b22274404c279222c1a96981fe3dde1cd9082e831fd119f4a2

Download Submit
C:\ProgramData\McAfee\WebAdvisor\saBSI\saBSI.exe

Filesize
1.1MB

MD5
143255618462a577de27286a272584e1

SHA1
efc032a6822bc57bcd0c9662a6a062be45f11acb

SHA256
f5aa950381fbcea7d730aa794974ca9e3310384a95d6cf4d015fbdbd9797b3e4

SHA512
c0a084d5c0b645e6a6479b234fa73c405f56310119dd7c8b061334544c47622fdd5139db9781b339bb3d3e17ac59fddb7d7860834ecfe8aad6d2ae8c869e1cb9

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
771b9ee84d963db7e83c8dd464214522

SHA1
c4628c21b98afe929fd13964991f6c51bb8d4158

SHA256
b0474a2fbf459c08f8c059a488c62b0cc5a9033a1619ade45f491fc3b3891d20

SHA512
31da0a04df4dfb03db63597bf89c45a4f23276b5a88e359094456f04bc7db39952c756be362e79941524056b84e59184589ef3e41619fe55514ddfeee4406c9e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
263ebe60f35ebdd89180c5da75d02642

SHA1
56f3df338ffbb232192d043bb7b7f1838a9edd34

SHA256
896bd2a3db27a247995a09492f4079935968b25f0ee42eb86ae520c6b03c9d01

SHA512
efea298097f263ca77233cf888781596be771eafc1b266f759a2d4a8ae187f0d35d9fca8bc2895edb31bfa9c08bbc6b3025e481df44b9f4c5a47a85cd95016e5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
c3f1e5f459b2488bb131c46fa6fdc383

SHA1
b3b14333e4c4daa075d7158a85d314db42653270

SHA256
256108e9f684aeb10a6485957cdacf830a548968996515306d0f3f08b056b5d0

SHA512
6c1d9f2842290330f43ccd901cd5abb985dd857c587a3ab72a4dcd8b3873417a554ec7e57c28469d20493c98fb834fee3040b943928f22a2588c41bc66681a25

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
011136c355cb30dcb52c31880fb075ae

SHA1
e7f1048c5365a9a9ae985b74f811407e3ace0985

SHA256
3a9cb61734efb51ed818fe61865c5346fc0346ea4d2b5da3598e832070750374

SHA512
1dc64b8788e8a8181c7b08e31b147da915c3525235356e0bc37deebb636800b9843a4d30fc2c2253dae7cd5741a1fbdd38dec711e8c4b64d8b7e812c644ee090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7ee1c6757da82ca0a9ae699227f619bc

SHA1
72dcf8262c6400dcbb5228afcb36795ae1b8001f

SHA256
62320bde5e037d4ac1aa0f5ff0314b661f13bb56c02432814bffb0bd6e34ed31

SHA512
dca56a99b7463eddf0af3656a4f7d0177a43116f401a6de9f56e5c40a49676cea5c38b6c458f426c6bff11165eec21104cfa9ca3e38af39d43188b36d3f22a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d62cefeb0c8fbab806b3b96c7b215c16

SHA1
dc36684019f7ac8a632f5401cc3bedd482526ed7

SHA256
752b0793cf152e9ea51b8a2dc1d7e622c1c1009677d8f29e8b88d3aa9427dd01

SHA512
9fc3968fec094be5ca10a0d927cb829f7f8157425946ebd99a346b7e63c977cb3f37560af1a4bc8f87ab19b43b3ed86fd5b37f89d1a9b2dc86e3c73142c3065b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
194KB

MD5
ac84f1282f8542dee07f8a1af421f2a7

SHA1
261885284826281a99ff982428a765be30de9029

SHA256
193b8f571f3fd65b98dc39601431ff6e91ade5f90ee7790bfc1fba8f7580a4b0

SHA512
9f4f58ab43ddadad903cea3454d79b99a750f05e4d850de5f25371d5bec16fc312015a875b8f418154f1124c400ae1c82e2efd862870cd35c3f0961426c8cd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1a10aab72c03fc61967424c59bd20446

SHA1
4823075d10673f6128f167e57d7ba0cd20b38c17

SHA256
9b555cdb4405693910b657a954ac16d7c4ce62beea83c6242f3127d25b94ca0a

SHA512
bda9c879d2fe1d2d4e241fdf018f0ccbfbfe2ef299dc504b3b8593af5bf0b11d9e78eddf13b28335c3b1bd3377146d765967ef0024f39407ecc53e7101977e16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
2b7a5865dfc77ad7b2a92b44d36b8751

SHA1
74628a2a003de6e25a3a50af5dc767efbc0c6f35

SHA256
e5d443ad144da46c79f6e17e7bc083cea0d3bfd5b3b27bc6fdc7654df2ee7a6b

SHA512
e2e23e1165672efe8a0881c4a44e27ff379d0f00cb482f00e2c4d7c6439afe42bda45e782662aef92f2891e40cf49ade890c9aebcac54c054443b2a94f2856eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9609aede1364e3710d6c42838ff54ae0

SHA1
65809eef45df51648e33b9c28fc79d998850de34

SHA256
f9cd0cdd24ef8d5041dd66a80dc28a0279a1a745df694aaa3ea9c05799e8f1ba

SHA512
dcda0cc1534b3a1bf2969e1a650d5b55a4ddf23cfb153459511db4b07cfbc95c526c30027f0533b9bdb8c688ca53a39ed6fd25306eca5e79cd99ad1095773dec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0fc985461f48630600ac3ff01964ebc4

SHA1
77b0df54aca118805de7ddb2087485f9739007f7

SHA256
7a0db0d35015a2405bad554cc4b9598db76aaadd0e9145e38524b2598760ffdc

SHA512
1435b51317f8711a26b6354a13ba07fd779a3fd8e24ba4610d5782eb9a2d671f370b2281835a60b9db69c054dfaa4697a85f8fe860fd9edf929f006fd9ede865

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5977b7.TMP

Filesize
1KB

MD5
d2952c8ad3f5655dad0f6193663006e7

SHA1
c4a599ef03170c58b0f8dc1d87288381f7877405

SHA256
d5135a8f42941dc65f8a4799aca50ad0b8d0869ec7371d8e70d64387fa8beaa7

SHA512
6202e41635337a277442b0355d9920e8c74934e4636b7eda29117c469fa673ffeb0703faa56b65f6ee9fe099de10248e32a844b6f53c8986a75432cdc58ff814

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f6dc53d0ac3c2ad25a82591aef9280d0

SHA1
027a9675bd6ca9535b4cdc482277313ed2618139

SHA256
0c77ca05063c6695fe095dcd1a7c6cc06325fbdc87e1be51ebff4db0c93fcaea

SHA512
9b16bbdd7dc5ea2eead43b5a44f1803e9a1c177e549c48ba7042a046bc2f7f54592a58993641711394b6b7700dc2ce0d67dd9cc3b05292e11d07096e088956b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\additional_file0.tmp

Filesize
256KB

MD5
b3c524525085af603201ccd7dbd8a106

SHA1
c5795b358da5755c9d3933ae763206349d5504cf

SHA256
304ccfa10af80703ce22b99eb9af6bd03c0c9a00375953aeb296737f1cd37ab6

SHA512
4b709f877ea79800967e24b6cf5efb73b90e2322328ceca4c9ab2fb3884df8fed9d3e1aa072f9aa6590390f2b1e6d47aa1aea21d1239ff579cc91210f4bcfa55

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202402211843031\opera_package

Filesize
1.6MB

MD5
8005f039784fecebade401f83bd4d0a5

SHA1
3db659f6510dc1d331b79fe6a3c34ed9377bbaa7

SHA256
62b26a53a7c268eddff874903e7a2253bf2535561e096eb325247b6c40901b06

SHA512
2813823655907e0e7fa017efcac0e03eef7195ce442d522b998767d66e6214ff347c103994e4a2b844dc6e45f0555382b6dce9c56fbf43cbef0e865b27baaaf3

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402211843029483444.dll

Filesize
4.4MB

MD5
43a273845a4101133ae610099c152ea3

SHA1
32d1123c170320b230d4fdafde0c7bc8c88a4a1e

SHA256
0ad97ae9e060805113be5acf996454c87a243c0bc2a59a2412e0073835588c6b

SHA512
cb38c289023f8d266f16974ac5062df846d41ffa14d40f84fb9d74bfdfe19471badea2424987a2e8b59bdc7de4b242d790a4993cd726c5520280e0d8d96098fa

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_240221184303245112.dll

Filesize
4.0MB

MD5
1001a077d5d46a12a75b3bbe97c8bfc1

SHA1
591aa1d5e888fdefaf7140ff9c585ec27e33aad5

SHA256
04c88ccd33824e10b3793a992422a576664538c088ec5cc26e953b37292d4c59

SHA512
888002cc42067486d790f8ee3e4521922377ccda2bc1ad4fad078e630603892f7869253318d2b39a41246e8f09ab4b3032bdc558137283dc630a070c12818bf5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402211843033852196.dll

Filesize
3.3MB

MD5
260d85b633e4c31c22fcce1b9e973372

SHA1
edaaef81283d22855472fd8a6e5b4a4369151937

SHA256
63501483f1048c098b2fead14bb74c1b900f5a86fea35622a0dd7c8c824693a6

SHA512
c9366eb2bdb913090bb6a960904aecfc2ffa5d5379420e2ac45b9a7d70457b61c9692c53d961417d00564e5e7fd122026e4098e4af30a1e563b3878c2892f9e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402211843033852196.dll

Filesize
4.0MB

MD5
aee3cc5c92ec52de8b6a8713abf58b31

SHA1
9ad0af00cab197f1656c5b87907e30bd8c5bbc11

SHA256
e702b90969a020901ef2d5138d49517a1b312d4eff72deeb5491f29774a629dc

SHA512
7c8d127e5d1ff0111ffd0e40c251750284b27dd7b8674d80ac7366a451345de3d83f97ea547f1bf8453cd534d81ff3a7a709822e619f4bcbd22974a8fb3c65d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402211843035425020.dll

Filesize
3.5MB

MD5
9e5c2cc5a228b07dd585ee2f6c37d3dd

SHA1
fa173023ecf9cd0eae5c4c5989c027f1d1c20a69

SHA256
530f666b2fd7be6c1048cab590210e2e76d95daad22818b47d22e8d543508155

SHA512
5be2623fabe32ce422afba39da7dc640eb05b45e88929147130fd6c4a35413026ac5ba92b18665c95ddf628a7f941387e969fe51afbe6b848eb8348b13dd9a01

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2402211843040733596.dll

Filesize
4.0MB

MD5
f1f66f4f9bce0868951862c0dd6ccf9c

SHA1
55771de3af62206fd484963e42c8c4f81e0986a6

SHA256
01bf7639a5ccb5c6e6e4f27171cf7072710688050cd5125021b5d8551eb7aa52

SHA512
f9e58d0e466250cbbc900779063babc52f56af6d7fb1ff69d8fa0abe8688ec115feb34aa4671988e4f4ccf488ce186d5bcfbfb0fdd38d87bbde986c0afbe7520

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-JDE4P.tmp\fortinet-7.0.0.0029-installer_jLa-0t1.tmp

Filesize
3.1MB

MD5
c8c4d20b0a603fd1e0a2ea304fa05721

SHA1
608cd0a7e122682c6f0a0622accc2a6cc23b6c4d

SHA256
c1e0bf25484a1dacced5e782f6fa50c4994fbfd026f3a901ae93601eeaca921c

SHA512
e0f6226d280c221da8b5902629b9e29ec09dd1c311eba28ad739b3eee44f57608a3d276ca5740a7687106ea905ee12d40fd0983be8bc20daa8ff45d0834d766d

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\Opera_new.png

Filesize
38KB

MD5
d9ee988b72b14e305f2b8891b1952cde

SHA1
fe73c83b75b11b6eec464cd68df6748ad446ff47

SHA256
2fe0e0d53b94b1dfecb7a9a1990479d55371c49d8387e9037a48460c4b2d76fe

SHA512
9f31c3470a598350296879d6a7d8ccff96d64b59dafb00e53b8ae90f78b341bf7cbde1a4d0fe836e6013048910ee9aa54baece3b6d754c5c0c1e0cd52ccf6eaa

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\WebAdvisor.png

Filesize
46KB

MD5
5fd73821f3f097d177009d88dfd33605

SHA1
1bacbbfe59727fa26ffa261fb8002f4b70a7e653

SHA256
a6ecce54116936ca27d4be9797e32bf2f3cfc7e41519a23032992970fbd9d3ba

SHA512
1769a6dfaa30aac5997f8d37f1df3ed4aab5bbee2abbcb30bde4230afed02e1ea9e81720b60f093a4c7fb15e22ee15a3a71ff7b84f052f6759640734af976e02

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component0.zip

Filesize
499KB

MD5
cd9c77bc5840af008799985f397fe1c3

SHA1
9b526687a23b737cc9468570fa17378109e94071

SHA256
26d7704b540df18e2bccd224df677061ffb9f03cab5b3c191055a84bf43a9085

SHA512
de82bd3cbfb66a2ea0cc79e19407b569355ac43bf37eecf15c9ec0693df31ee480ee0be8e7e11cc3136c2df9e7ef775bf9918fe478967eee14304343042a7872

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component0_extract\saBSI.exe

Filesize
1.1MB

MD5
bb7cf61c4e671ff05649bda83b85fa3d

SHA1
db3fdeaf7132448d2a31a5899832a20973677f19

SHA256
9d04462e854ef49bcd6059767248a635912ce0f593521a7cc8af938e6a027534

SHA512
63798024e1e22975d1be1e8bff828040d046d63df29f07d6161c868526d5f08451e44b5fa60bfb0c22cf7880abc03aaedafa2c5c844c3aeff640e6fac9586aab

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1.zip

Filesize
2.5MB

MD5
50a047c9410a6795b16efac1282e06f5

SHA1
6ca6cab3791347cc73ee0bcc95800041abb8bb9b

SHA256
d652c51ef76666282e8e9d165ef7d053414899aee4fb20f537aabf3e82e05a61

SHA512
33f01275c6cbdbf26f8750402e2c9d5a857d3f6d267249c38ca26ccda90c76a22dbc5b25f6c9eff41b17401e7283d93b119607d195cabf7d5e4353bc4d6ff9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\component1_extract\OperaSetup.exe

Filesize
2.6MB

MD5
9e72834b5d485917ae5e2721bb6614ea

SHA1
9602bff165414bd13aba117cdf02bd52de1eca44

SHA256
abeef8addf7fd49490022a98a445959d8413085fa2648dd5299d7c1d4b320646

SHA512
477d939d43971bb6465b80a14e4a8722ba10af8c7966a9336aebae42dacaea4b605a4895278034eabee1a2e5ae44e93ba3e6b45bfcd78687331637b2b7747d4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-QEI57.tmp\mainlogo.png

Filesize
4KB

MD5
876aef14e8c4c55edf801c5d29c39409

SHA1
f8729c763d309c1aad26f9dd9e23b2c197633f66

SHA256
aee796737569322493175e6b4d6c75eeb0dea180be23a12c318941ba265555b0

SHA512
81bbe9c680999fd110f0df915b0a4a126f06a13cf4e76510c469f208c1aedb46478244aaa12cae417dc0e86bbd10232035aea37c8b42c3941125819602026683

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
bd9759dc618d3af71a4aac018ad8882e

SHA1
663151a4bee275852f7a776210b16b419aad5a42

SHA256
096c122a0c63dc0d334a6678d49b5625e9c11c172db41b3bd2553e948c24ca5b

SHA512
ea7ac63d016c702d11e0e2c94b10e4876f4ac4effd5f35539e6b847b5bf217322c6796b60510d5f0a1f6d43033e4aa2df6452af09da2888ee99cbb422b7a88c9

Download Submit
C:\Users\Admin\Downloads\fortinet-7.0.0.0029-installer.exe

Filesize
333KB

MD5
1c74507e331241df52e5934c08310db1

SHA1
fa3a6bc4087c2da06b18d442fdfb6180b1baa719

SHA256
d3cc0db87031cb5af09162c9ad974537672c3708ab5902fa9e6ee29187a9bb7e

SHA512
2f929bd88694fdda79bffbcab7900dda71eaaf2a56328d4c51c9f2e9c59bf08ce15445f0129e4e6ac89290da11e88ff2c62195b4df59cec8f8fb29a575123b39

Download Submit
memory/112-310-0x0000000000C70000-0x000000000117E000-memory.dmp

Filesize
5.1MB

Download
memory/856-22-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/856-48-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-301-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/856-246-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-237-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-54-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-197-0x0000000000400000-0x000000000071A000-memory.dmp

Filesize
3.1MB

Download
memory/856-19-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-162-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-49-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-20-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-28-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-25-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/856-53-0x0000000003620000-0x0000000003760000-memory.dmp

Filesize
1.2MB

Download
memory/856-6-0x0000000000D30000-0x0000000000D31000-memory.dmp

Filesize
4KB

Download
memory/1784-21-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1784-303-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1784-2-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/1784-0-0x0000000000400000-0x00000000004D8000-memory.dmp

Filesize
864KB

Download
memory/2196-138-0x0000000000E90000-0x000000000139E000-memory.dmp

Filesize
5.1MB

Download
memory/2196-142-0x0000000000E90000-0x000000000139E000-memory.dmp

Filesize
5.1MB

Download
memory/3444-309-0x0000000000C70000-0x000000000117E000-memory.dmp

Filesize
5.1MB

Download
memory/3444-122-0x0000000000C70000-0x000000000117E000-memory.dmp

Filesize
5.1MB

Download
memory/3596-166-0x0000000000C70000-0x000000000117E000-memory.dmp

Filesize
5.1MB

Download
memory/5020-150-0x0000000000C70000-0x000000000117E000-memory.dmp

Filesize
5.1MB

Download
memory/5780-564-0x00007FF7E2900000-0x00007FF7E2910000-memory.dmp

Filesize
64KB

Download
memory/5780-741-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-724-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-727-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-716-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-760-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-779-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-765-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-708-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-807-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-814-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-811-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-592-0x00007FF7CC240000-0x00007FF7CC250000-memory.dmp

Filesize
64KB

Download
memory/5780-599-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-645-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-672-0x00007FF7CC240000-0x00007FF7CC250000-memory.dmp

Filesize
64KB

Download
memory/5780-685-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-689-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-721-0x00007FF7E3D40000-0x00007FF7E3D50000-memory.dmp

Filesize
64KB

Download
memory/5780-690-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-618-0x00007FF7D9B10000-0x00007FF7D9B20000-memory.dmp

Filesize
64KB

Download
memory/5780-606-0x00007FF7CC240000-0x00007FF7CC250000-memory.dmp

Filesize
64KB

Download
memory/5780-601-0x00007FF77F770000-0x00007FF77F780000-memory.dmp

Filesize
64KB

Download
memory/5780-567-0x00007FF7E2900000-0x00007FF7E2910000-memory.dmp

Filesize
64KB

Download
memory/5780-566-0x00007FF7E2900000-0x00007FF7E2910000-memory.dmp

Filesize
64KB

Download
memory/5780-565-0x00007FF7E2900000-0x00007FF7E2910000-memory.dmp

Filesize
64KB

Download
memory/5780-539-0x00007FF7E2900000-0x00007FF7E2910000-memory.dmp

Filesize
64KB

Download