hxxps://fortnite-battle-royale[.]en[.]download[.]it

Analysis

max time kernel
150s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
30-09-2024 22:09

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fortnite-battle-royale.en.download.it

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

pid	Process
4348	OperaSetup.exe
4788	OperaSetup.exe
4800	setup.exe
1208	setup.exe
1724	setup.exe
372	setup.exe
5160	setup.exe
5312	setup.exe
5668	setup.exe
5708	setup.exe
2608	Assistant_114.0.5282.21_Setup.exe_sfx.exe
3672	assistant_installer.exe
2976	assistant_installer.exe

Loads dropped DLL 12 IoCs

pid	Process
4800	setup.exe
1208	setup.exe
1724	setup.exe
372	setup.exe
5160	setup.exe
5312	setup.exe
5668	setup.exe
5708	setup.exe
3672	assistant_installer.exe
3672	assistant_installer.exe
2976	assistant_installer.exe
2976	assistant_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 658541.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
3364	msedge.exe
3364	msedge.exe
3020	msedge.exe
3020	msedge.exe
4568	identity_helper.exe
4568	identity_helper.exe
2192	msedge.exe
2192	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe
2968	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of FindShellTrayWindow 36 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe
3020	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4800	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3020 wrote to memory of 4908	3020	msedge.exe	82
PID 3020 wrote to memory of 4908	3020	msedge.exe	82
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3472	3020	msedge.exe	83
PID 3020 wrote to memory of 3364	3020	msedge.exe	84
PID 3020 wrote to memory of 3364	3020	msedge.exe	84
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85
PID 3020 wrote to memory of 4052	3020	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://fortnite-battle-royale.en.download.it
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9b8ed46f8,0x7ff9b8ed4708,0x7ff9b8ed4718
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:2540
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:1260
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:4188
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5436 /prefetch:8
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6396 /prefetch:8
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2192
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4348
- - C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe --server-tracking-blob=Mjk3MDcwYmI0ZWZmMzAzMjZlZWRiZTY1MjlmNzc2ZjJhODlhNzg3NTA4ZTU1NDc5MzI0MGYxNzg1ZGYzZjRkYzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlubm92YSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249ZGl0IiwidGltZXN0YW1wIjoiMTcyNzczNDIxNS4xNDIwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJkaXQiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJpbm5vdmEifSwidXVpZCI6ImZhNmZmMjIyLWQ4NGItNGJlNi05NmFlLWI4ZDVkOWQ0MmRhOCJ9
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:4800
  - - C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x32c,0x330,0x334,0x328,0x338,0x741f69d4,0x741f69e0,0x741f69ec
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:1724
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5160
  - - C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4800 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240930221024" --session-guid=bed8f907-36bf-4289-92df-c1a13bec3e1e --server-tracking-blob=YmQ3NmEwZDhmMzFmODM0YTBkZjYxZjE2NzhhZTk3MTlhMTkyNjQ5MWE5ZTg3YjE4ZTFkYWNiOTI0MmNmMTQzMzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlubm92YSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249ZGl0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzI3NzM0MjE1LjE0MjAiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6ImRpdCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Imlubm92YSJ9LCJ1dWlkIjoiZmE2ZmYyMjItZDg0Yi00YmU2LTk2YWUtYjhkNWQ5ZDQyZGE4In0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=5809000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:5668
    - - C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x328,0x338,0x33c,0x304,0x340,0x717b69d4,0x717b69e0,0x717b69ec
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5708
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:2608
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3672
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xd217a0,0xd217ac,0xd217b8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:2976
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4788
- - C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\setup.exe --server-tracking-blob=Mjk3MDcwYmI0ZWZmMzAzMjZlZWRiZTY1MjlmNzc2ZjJhODlhNzg3NTA4ZTU1NDc5MzI0MGYxNzg1ZGYzZjRkYzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlubm92YSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249ZGl0IiwidGltZXN0YW1wIjoiMTcyNzczNDIxNS4xNDIwIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJkaXQiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJpbm5vdmEifSwidXVpZCI6ImZhNmZmMjIyLWQ4NGItNGJlNi05NmFlLWI4ZDVkOWQ0MmRhOCJ9
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    PID:1208
  - - C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x31c,0x320,0x324,0x2f8,0x328,0x733869d4,0x733869e0,0x733869ec
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:372
  - - C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS4B295A18\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1908 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1964 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2188,16510079563953305790,16507674952750212507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:6100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
38d4dfcaf4419458b264081cf2f6085e

SHA1
c25c8e6ce9a9799557cc6a5b8e055fea05c4bc74

SHA256
edd5122b397c26e70920054484d209229cfca9aaea4bafa25df087c2760f05b4

SHA512
a6b8446f65ccff142a07d6eb6de2e615f4f925f2df244122d5a588d6c88acc7ed7cc3bfca5469cf5c9fe9d800d253d6fe96b1fbd051becb034acfb898e095fb7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
727B

MD5
3c96a5283403bc156271fc8628e7c48f

SHA1
dbfa8d9602f2a3440206e61e13ace3bbad924165

SHA256
006f6da6db7eab45d71b93f64884fdbbd62603f15c4697c1488deafa03f50237

SHA512
504fb56ee32cc9c320582f0cc35dc88f47712ac6d2dbd2c507177e3666cf52c0388d14726a6273872bd7d7f4e5ecd8326d5c0a602961097cb8d14a2536eab373

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
240dbc255c1276de671d07f616e3c710

SHA1
e9d0736b053e0fa8ba75843f952149743c2e4080

SHA256
7c47e2855d2c1416fde57342b496f57e4ef9ed7df84d2a9cbd61d77afdad7e89

SHA512
f643b3dd6c11d055ba7dd368a928dc0d86c5b5489710ba60113239a14b86df651c16bb40ac502df032c299ab532174212805b9dc58ebcf165a6c95804e8cb8b1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
9e7aa0e90f2654f68b7319b9086e8b03

SHA1
e59bf86d66dc7a880628ad522b0ec4f52b751a02

SHA256
873cc58403af5b36dc73f886b249f1eeb14fc88500b0d35bfbea2c388e56e15a

SHA512
6fafc83f14e98912f2c04cc754bdf052c9e2345e8b4f7dbec20d4c2ad28fb53c67d0356289d1ac1518e6edb2836e2980f8a49b10f72a4ba07da20eda8bcb163f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
412B

MD5
9bf1256fa6304c5742fb0973f537f207

SHA1
3e7e88c3804e4e2845130c8edb7f86f942676486

SHA256
c2f3732f28c3aa92cf9f77e27717eb61e1bea26ec62eca8713cae71cb7b67526

SHA512
01de7f3151bc0b9ff2a5ff0bbb68a676342da672e483695f1962a7c9fbf6fe9f8edd0a21e1373ade31ff41f7f5e212ea0f28b662ca14cb498c15230eeed18574

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
6e9edf43bbb29a39d51ee7f6afb9d156

SHA1
74b55fda1b75636f80d6045940fd558906b37e6e

SHA256
1ff6a31906a58347f9487440138407a5e14212c2206c5c38d38e9dea011669f2

SHA512
1800b19fdb986f63c22338902933fdecb03cb4d0e5e4d4e6f6c91c2e8ff1b273e2d002cbd610ea34a92dd048d5f255fe699ae921dfa2ce61ba4e60a8c58c05a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
53bc70ecb115bdbabe67620c416fe9b3

SHA1
af66ec51a13a59639eaf54d62ff3b4f092bb2fc1

SHA256
b36cad5c1f7bc7d07c7eaa2f3cad2959ddb5447d4d3adcb46eb6a99808e22771

SHA512
cad44933b94e17908c0eb8ac5feeb53d03a7720d97e7ccc8724a1ed3021a5bece09e1f9f3cec56ce0739176ebbbeb20729e650f8bca04e5060c986b75d8e4921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e765f3d75e6b0e4a7119c8b14d47d8da

SHA1
cc9f7c7826c2e1a129e7d98884926076c3714fc0

SHA256
986443556d3878258b710d9d9efbf4f25f0d764c3f83dc54217f2b12a6eccd89

SHA512
a1872a849f27da78ebe9adb9beb260cb49ed5f4ca2d403f23379112bdfcd2482446a6708188100496e45db1517cdb43aba8bb93a75e605713c3f97cd716b1079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
76KB

MD5
c87622caa878b000adac31f6efacaee6

SHA1
27498dabfb4631584984cf949fc1df07cc69b4bb

SHA256
94335abd7fcf53c6540037603df0c25c181b8c1b0083b1fda8f7051b934de3a0

SHA512
cc33fb44c54be7ee91dd64d773228753d3157189dbedc2e68370663462d748e1d2c6f7637fe069231745c672e33892837b42ba9843fa4ff4f11fc35240b3fdd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
97KB

MD5
f915b483a5db5a47a0d4864c0bcddd63

SHA1
e64c5bca9f0eb52a300e0186cd62b2535d2e55f8

SHA256
d890357836024394a74c1e52e0cc1d9d71a27b7b6291fed001fa25f3122e8549

SHA512
f3c522d12bca69b4dc4e42eeeb0bef82d29cf040ce7b04bdedd4da27abdea20d601dc200aaf0e0a7fc1cf3805f66bdeaf8554c4ef863d4b63a59017ee4417698

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
45KB

MD5
2bbe412fad146096d0aced4342b42c23

SHA1
de5ab613b4daccf1ab7b4497c38b3725128518a7

SHA256
e73ceb1a47d2d4b53ed40210919b64fe0cdfbd05437fa3b4762a5170b35c2820

SHA512
1463b7c8acfff7cd154a53871a2ec34c0e8dfc4e93df6d63ec9b34385cc663f410c8bf13b366f58b87073f90719dbf98070e887213c5f3641d5ecbe09e59e767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
648B

MD5
e443c396d6687426de21ad8f2a8b26ca

SHA1
82b1c3e7386d891ea0fd9ebeb524d1a67287bc8e

SHA256
16913f422eae173f32945dd612a0bf78e6575d4154049ba6a75b30c1781c84ed

SHA512
ab23a5257317fdb2ebbf11c43e1af7441f3f1449b21b127c0a5a94117692c64504735ef717403e46cb2b35a6c4dac2b8d4b475af4686c96468dd76a20e940efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
9c328f2311fe9c5b5ada91c3e1e02411

SHA1
71f0a6d2441e12280ac13cadba3a6f7ad88736e5

SHA256
244deb6b590526006cb4634723a65cba82f55f35bd3a0e6203c9ccde40834516

SHA512
adadaa1cb379693685553fa1929eb6911f53abc5ac9167fe20490e9b39fc5979f50206ff39f3203cbb795ff4a4f5a7d02dc735699879bc7f713ef436306d01d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9517e47db2e9016d24756a51bd3ed0e6

SHA1
113f3b65a9dd58f6f61aad6207c6f7345e6b701b

SHA256
608875d6637dcb285ac6c3a94c8a272fb5a7183741ffe55f2dc2a709edbd963f

SHA512
3ebdf7df50f4f4ffbfb2a35090c5d2ccf1a203c8d35c2bcf6b9727ccf40c03b34420fbbae855788e9d431bdd15257d5651c2b4624962a2b83a0a1c8c69937f74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
dd28d0c8327d2bd84b4aacdbe3cf1a09

SHA1
8be6762d459b6ea4a63d2dcaaf2ac8feb597f879

SHA256
04dd06cd929a15312c99b778ee8deae00834f8c3a2fdcb7913ef5b25b8076f86

SHA512
7ed98872f81b2a78afa9fb61499031779045ab0b19c5b1c9ccba0d5cfc254314da1d9ed03025ad9f7fb2d34b0681519bcd3514438f60dbcc031d4335927d307f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
687b4a7869c0d5792881113696b55f56

SHA1
05107dccec322d359afd5848cb4fd956c3ef81ca

SHA256
427f9d77202512e4b05a2b0df0abfbc34c43701300c7529e22dee1e40e1bc1d1

SHA512
30747ad9b00ca0b6bf7104661ef5df34a0079fda47f90ca311068631132aca5509833a94536b9eb6e9ddda756e5b00452e25e7fa0371ddb8fcc8c93a5959d190

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a6968985e140001bf9f44d182633185d

SHA1
dcc7bedd02125d276b98de77a1bb7c329dc67c1a

SHA256
cb1f2170a37678fbeb479cadef59688e6ff6691a13c1571007cab31e15ad122c

SHA512
1c19cfef7d1f6176050f87495c52d5ebff8baaa62ddd06913c49047fb6f831fdfb6fbdc4cd0148a86908cc84cc96cacebe4ac21671772c2cbc2aa0902ddbfec8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
8678e6094086421d9063f3304fc1d004

SHA1
6cd0e911075724852d19a0e1ce922116bde68ca9

SHA256
22704cacda77400237e94754c5a90aa593f35c8efb1d8c7d2ad27f262114bc92

SHA512
fc17a9c7dd87413bc0242ecba4c085af48d996c5c0e116461129db88669d007c9144ef7df3a98ae1110fc2bdd9b73430295b973e58c16506977c7b1857639a58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b7cb3a5678ca39baef49ada1124a8fce

SHA1
7352730830a450af13ab5b32f5a0beaa1eab7223

SHA256
0b0456cd53de0eeab6812c4444e41b90a1fd422a3fb703e745a6ab35def3610c

SHA512
611097e4a634baa2c1363eda5ba9e4b77615b8efe3eb2a23ec625d938479e06ad205b6ef75a710a300c14e880c9e11f508176aa4f20170b9fe2faa9ef5831d27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c35c8ff2f60029626e7d5ca80e3c2919

SHA1
ef405dd3e8909d5b1870a485b24939d9795b02c5

SHA256
0c9ce413673ebc36503351f1eac41b106f08bf83da6146314e0c8d7d36e170d5

SHA512
8e24baab271bb16a31aae18a27f08aff940184094f6c670eae2c9c7dba9da9ee9f6bf5a02c1f7276c09adadbf817f28189803d5840a6041f5e94ca0be078f471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\497d5195-8c72-4698-bfae-3520e2e4af1b\index-dir\the-real-index

Filesize
1KB

MD5
3257fd340a0dea67fe544b251b83f77c

SHA1
47e436d9a615d80267a935cb950879494ada81e6

SHA256
05f3a3f921e54f4b2b2b3def0a02bcedcf22121a0a64470b19aa96381faa7605

SHA512
695b77f161b3fb63551b940d048a1dea5f49a7c0a9d92f22b4b35b52a1691ed73f9998e9b0f4ed5595c5eb59ac3543126c8ab1c09b2ac492a23025e29159c385

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\497d5195-8c72-4698-bfae-3520e2e4af1b\index-dir\the-real-index~RFe599acf.TMP

Filesize
48B

MD5
b9a8c07e3ad0e18b7b4502bf9b47d2a4

SHA1
cd9b67c41483a4f1fad197eecb15826b9a8f26fd

SHA256
0b731c6c9451357a028b0f561b6e1c01112310911b4555e36835ef3bf5e99b7b

SHA512
44acf03704043dc7cfae8a441752c6e40720377a835f8c4157d3912eaeea0e811c18fd0e5a98ed645bc9a44d791bf7a00eecbbdd1423a68c446bd735a0e26705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
193B

MD5
3f221db140789b84bd1e6014549cf902

SHA1
be809b202bbc6cf5449726b2556698a8d2e689e0

SHA256
f8fecbb2b03824ccdd4bdc910884469189d4c6e48b62fc2cff7da72057414836

SHA512
9fec487f5aff985300c291181d633f7ff352df3bdcf63af6f5a9909cbdd0e21b6a8a2437d1bc37ddb52840195abbbc261f98de43da798f5a338acb7c0c8195ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt

Filesize
189B

MD5
3f4b9a3eb4e05827569025707798bd53

SHA1
7036832b07078c57344fce5d5edf6f768580fb65

SHA256
9867251154801c286c080a1a210dcb900d5861ac79726e9594e235373888ae72

SHA512
6e2f9aa2b9e248213048423cee1304fdcb31bc79c95fc2c32800f3c3fce33925abeca6fb885fe1a8e7b73734cf6626d05a0d03ac01e1c07ef9db49882f7b8805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\1182b646fe1b7c2fb535f6df1b863e7a17f43db5\index.txt~RFe593b88.TMP

Filesize
97B

MD5
57873d37e33b3d53117f801cdd04cf10

SHA1
a1569d4d6831aa539a79fe83986c8c9f05331789

SHA256
8d2a575c09d6924c5e9c8120f4e125461fc41402146440045ba6b487086cd9cf

SHA512
022a3a7de2cdeb01bc7d07609a600163dc4af404fe48c0b6553df73980451491de63aa965fa660cc91cd05a4f1077f6657b82245ccc2ad6eb172d010e6e43768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
216B

MD5
3747e7f76684df2ca03a072749f72b19

SHA1
01f08d516737fd5592fd1167d111b46fa10b2855

SHA256
8a9ded38f81a938162ad727168cfcf0bcbc4a8775c00f78ddb64b97986d2736c

SHA512
e42d5a991177044be867e134e9e2f7a25d98a13189f1175f8ac6282114bb2300adac6900fc5b1a33933854b13ef3b9ac83adbc2348f656f343f4f134974e4f2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe598999.TMP

Filesize
48B

MD5
c32d08c1e200cdbb6a7eb9d62ac462ed

SHA1
cdf2ad3cb0ce9f76d9a5de67e76a7fe9cd64b262

SHA256
3d648b5cad346bc2e7d322e90e679033a27ee5f8bdc96682ed0383d501081c91

SHA512
6d0b6ba9aeba6698f42b8f95e9af45902964b66baec199e05723071ccb5ea55b1b884cc3f0d835dcda69fccdb2087971d6351267ec65e4fee5b7e143a5ac6447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6779a3107ce39ea4a110d977499ee5d6

SHA1
fc56cf45a6a930a7086f4350b5989e983af3fbae

SHA256
3634dcbf8f4ca5b7d3e8284b868858670f2edc4bfa4ff85e229255e4d74ae1fd

SHA512
e099d2416cb9867d6a2527cb6541604de6a0fde1cad2aa034801601fe69f8419462aef8d57bf2eca1088e25011ebdd7c9de0d53a81463fb22aaa32d09a56beac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
04e052a0b505bc05c97c6e174879259b

SHA1
5e4c63df025961ca3b8539f8cea370ef32470ca3

SHA256
7a2bf561b880b48d9a53b1c7fb933c833cf73c86b1cf8f83485a12523d04b97c

SHA512
d4e9b5bb51aeec1e9dd99327ce574e2a1ff299a658e8a373e264e584b51b76f232e3bf1384cf8972ebac9b0d925b089519af67f9a274698825530ffe4c94e0d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
462b915678c8f9cc241486020ca118c3

SHA1
1fd5382b565cb83c5050a5831d53dc988532d1de

SHA256
cbc03326f4dbb9bcd45fbf3cb4ed07fca8a1f4268348fcb5d777b293eaff7a1a

SHA512
b4a5893262daa1d507209ca1b8d3d1f197e9a57ddb005a9381c167b8c884165d94ab1701910301d5cc08ebb28eb554f7dbcf76d2eb68c194a64d21ca5487ecef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
97c10e1dfd3e55227873c3d659d6b486

SHA1
bd47ba38f0562ddbcbdaf6deb4374eb0a8852ecc

SHA256
391aea5337c755603656406fad871e7e958d7530d017a91c7045923aaf54c866

SHA512
5dc229efb05ab8a3ec2f734361c39431df2541ee3ff00f50ab925b493c29ab707a5964491559b4e384ec85a5dc40455b1ff300e687b1473defe4a5d4380aa3cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe581b24.TMP

Filesize
538B

MD5
167debf8611932c168370c9b9b61578e

SHA1
c1b731081f408fd4f08a1b8c3591f3254a91009d

SHA256
e09d8809e2428e26b6f75ca0659366bef27bdb832376de2d1866d24d7f3800cf

SHA512
62febbc17424db776e8ef1c6678866178f3d874a5cccaef2758cb5525cf41c83e194c8df9ef24ac3908f17dad90f9696577634acff3454a192f0ba7e0ade0d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a23f0639-544f-496a-90d3-6846eeb91df9.tmp

Filesize
1KB

MD5
1a4e88085a739cc6f17300ea97b96a49

SHA1
ab5331ea5db136a86059c97f73319b328b1d9abe

SHA256
227147a494259d14d7eb8379b105a1e189738b6e8a783807fe441623c1be928d

SHA512
330991065b22e87e9057942f266182e00f8d64b387389c8026125369d7b5f6e29696e66cf1308c748b16eea38fc483f53e12abf7691c3de9b324e76687589638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6babcfe8dda75c6b3a4ed9c494b327e3

SHA1
cf16bf5d9e0fe7da7351344a1d14655765638570

SHA256
b8ee6a1e83e81a74e90ea665c802818ce2eff08f567be0a96a12844cc9f0deca

SHA512
a81908e7f8cb88836b26ce8f0e306411095d464963d8dcbae09239f4848a6ac3d1bd50824e8a1c96da3215b7ec3e8cfae4af0db45a357d8b4b1258a77fd51d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3f69f59eef96a6092c010eedff6269ad

SHA1
69b986e8e657155d79f0aa1bfb8527a9f7a57137

SHA256
6041d222295fb906d436676d4c49fb4c4615158b6c271bb0bbe2601e4cde87c2

SHA512
c1755d864889f3e2449401fffa64d0e455659315610805dd4637fcd319d4bdbe69839bf1a27d70b37ce3bd261d71e27ffe9e42f00d6267fabc6e477d6e0cd4f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3b103a9ba068fb4f932d272d19f5619f

SHA1
8270adf6a18d0101ce54afb77179d55a78a35fc7

SHA256
7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15

SHA512
83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\dbgcore.dll

Filesize
166KB

MD5
612a3bebcf72256296103e034ace0236

SHA1
4e722e00e3294194224ae348477e3898c01b47b3

SHA256
3e20d38b7f1ab5dcbb1057f06f4dabf64e57b71d12a7335b4c5601b5b4a6047c

SHA512
dde0aabbe0905408c8df74fb51232b322e233dc43fc34f4ddac9a5e626359d7e4948d41f3fcbb95f0a635cbd229953757ba456a095b2b3523bb7a851663e6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202409302210241\assistant\dbghelp.dll

Filesize
1.7MB

MD5
3f68b6ab3dcfd45911952ed4f5d75197

SHA1
c24c63d36a26f2320ae1c70b282769fae1e18b48

SHA256
e2f7ff92d8b959239e535b1824eac0bcf21b3134418a7b0411fa0c92ab6259e4

SHA512
5e6e031c5b802f667dc846f5dddd3c3ff5ad810b6274633bf519aa07d6a4eb7cd1c810b04f9fd552e0f6c7bb7285db0d3dc64b7a5690899583ae30bdc4e3c09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCF0BA808\setup.exe

Filesize
5.4MB

MD5
c9eaa2458c4d06ec258c79360b418430

SHA1
1452c54b8653f7f8b770a1b0c3a1b1aac045bdc5

SHA256
281460bcc97d91be23ba1e136e26e0a65f6adb759fca1d7ffdee98931aa6b21c

SHA512
bd96d07e1c434859a5242b532fe68fb24f64cd344d87af8a5e386fa3435c3e3ceffe54f79bebb73b178781fcbdf34e374d9b96872d31339a5e0fc4ca95f127e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2409302210235644800.dll

Filesize
4.8MB

MD5
f0cde99844b3289d1eb241f0324a4ac4

SHA1
66f2d0bfb4f9048d35b5b93e9e89e7a03bb3a7f7

SHA256
01e6841403ff084cc38ca19ac3db55954a0c8bc4cfeb55bb1c9c70a4a373c3c2

SHA512
68dfb6fede9fdcecb5296a38a4d11280255db75bde5f5adf8dd68c95d8fd66dbad143d13ad97aebd5511f63656a14edc8b7de01d77902faa68a7fe2af136b97a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera_installer_ui.lck

Filesize
4B

MD5
47d65e7d0dc40ba1a0ee898528bdb6ba

SHA1
3f00fa67835fb4734c8963e4e15071b590026fea

SHA256
9c36a87f42b91081a996ea92105a76b47b675c171ed3bda9ec21bd2261fe9192

SHA512
400f2978776229276dcdd5dda6121e8161ddd7dbe3d23f32cc1bdb70cc1cf28060a7894438ba4c4d4639ec8f184743353d6b6dcb9107e94ea4aa8f287f9c68bf

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
952456a365c79158ec89bc197c189c52

SHA1
c7be5d67f4f418910a6b21529943c4c09d95979f

SHA256
aa29992e8219fe9718c68e1749cf1686f83ecfb2959a73bdb9a93d340f64c0e1

SHA512
cbaaa1ff110a1189b7853b5cd551c04a4af84dc99251809ec66de0bc8dd4b7900acc959123a3bbf0fd97dfdb4f38ab9b9d39fe55cc3de591412aabc33aa3de2f

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
ffc4e2db7c8ccf6dbcc74754340782e4

SHA1
22f6bb2b58d2f8457c78b2449df93e68a76d7f5c

SHA256
c2cc13a1992297a48b6fc046a41c67e33e5e7940885a6129349e2c5333040859

SHA512
cd4bba97de5086f21260b15133b4551128fa4d341b2ee915ff572ec31ccb730a7208c61fc70636299376fbcf3098703eadd3a66ddfc32c08a4167278d9dc4bda

Download Submit