hxxps://minecraft-launcher[.]fr[.]download[.]it/

Analysis

max time kernel
102s
max time network
148s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-01-2025 21:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://minecraft-launcher.fr.download.it/

Score

8^/10

microsoft discovery phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 9 IoCs

pid	Process
3244	OperaSetup.exe
2728	setup.exe
3076	setup.exe
5240	setup.exe
5656	setup.exe
5696	setup.exe
5276	Assistant_114.0.5282.21_Setup.exe_sfx.exe
3192	assistant_installer.exe
5480	assistant_installer.exe

Loads dropped DLL 9 IoCs

pid	Process
2728	setup.exe
3076	setup.exe
5240	setup.exe
5656	setup.exe
5696	setup.exe
3192	assistant_installer.exe
3192	assistant_installer.exe
5480	assistant_installer.exe
5480	assistant_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
21	static.download.it
22	static.download.it
67	download.it
14	static.download.it
20	static.download.it

Detected potential entity reuse from brand MICROSOFT.
phishing microsoft
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 27321.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
2152	msedge.exe
2152	msedge.exe
3196	msedge.exe
3196	msedge.exe
820	identity_helper.exe
820	identity_helper.exe
4700	msedge.exe
4700	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	5436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5436	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 42 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe
3196	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2728	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3196 wrote to memory of 372	3196	msedge.exe	83
PID 3196 wrote to memory of 372	3196	msedge.exe	83
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 1456	3196	msedge.exe	84
PID 3196 wrote to memory of 2152	3196	msedge.exe	85
PID 3196 wrote to memory of 2152	3196	msedge.exe	85
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86
PID 3196 wrote to memory of 2460	3196	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://minecraft-launcher.fr.download.it/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff87d4646f8,0x7ff87d464708,0x7ff87d464718
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:212
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5408 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4044 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3364 /prefetch:8
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6528 /prefetch:8
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4700
- C:\Users\Admin\Downloads\OperaSetup.exe
  "C:\Users\Admin\Downloads\OperaSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3244
- - C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe --server-tracking-blob=OTBiNTQ5OThlZWU0ZjU3OGUxNmU1ZmU5OWQ2NGQyOGU2NjQwMzUxN2Q1ZDhkMTYzZjdkZDdlYjExM2RiYThmZDp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlubm92YSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249ZGl0IiwidGltZXN0YW1wIjoiMTczNjI4NDYxNS41OTMxIiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJkaXQiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJpbm5vdmEifSwidXVpZCI6IjI4NDAzNjk5LTc2YTEtNDM1NC1iMWI3LTIwZjc2NjBlODUyMCJ9
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:2728
  - - C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x334,0x338,0x33c,0x2e8,0x340,0x743d9d44,0x743d9d50,0x743d9d5c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3076
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5240
  - - C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=2728 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250107211711" --session-guid=ffbffec9-f818-4c2c-81e4-38aa2478dd5e --server-tracking-blob=MDQxM2UyMzc2ZTk3OGQ4YWM5N2Y4M2UwZjg3NWVhNGY0YzRjYzgxNGU0Y2M5ZjRkODI5Njg5ZmEwOTU2YWI3ODp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPWlubm92YSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249ZGl0Iiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzM2Mjg0NjE1LjU5MzEiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6ImRpdCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Imlubm92YSJ9LCJ1dWlkIjoiMjg0MDM2OTktNzZhMS00MzU0LWIxYjctMjBmNzY2MGU4NTIwIn0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C09000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:5656
    - - C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=115.0.5322.119 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71e29d44,0x71e29d50,0x71e29d5c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5696
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5276
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:3192
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0xd317a0,0xd317ac,0xd317b8
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6296 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1012 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
  2⤵
  PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:4708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7256 /prefetch:1
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=7476 /prefetch:8
  2⤵
  PID:5376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7688 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7924 /prefetch:1
  2⤵
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8056 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7632 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6812 /prefetch:1
  2⤵
  PID:3280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8108 /prefetch:1
  2⤵
  PID:448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,10829738754429215594,937351036537937960,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:4808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1076

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3e4 0x470
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
5a388d10b8dd4ff342de769c13e4a110

SHA1
34f526f7a230bfccc0f0e9ddc3c137a7ac4523db

SHA256
c2f9cd95933d813471d9e626f7b926bdcfdb5606451fe765d220e05033acf10b

SHA512
9ab38eccc07953db67c0dc29e81be014907b83def51cafefefdfd741ec12a763de4af562c8b0f8d6ea83c6e51af91479ec46785574e1a345c9e332fd77316997

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
727B

MD5
f7804fea2b72a5f4d309485f4df0556d

SHA1
ea8b4b4331331dc22a65d8fbfe84802c5df74433

SHA256
bd2e34f105c43aa460aa4867b7a8e9bab8c9cbd23f9c353b76c8e8b47197e756

SHA512
3554d10ad6fdd8280da58bcfd82fd765d560ab19dab8afeb2f115ea1ba5787236e641cdaecb664b8c3ba562f4e4e58d10899cf28cad7a4cd1e8ed05f0997f639

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b43b7909fd2bd69a10b2cde95b340946

SHA1
edf522bec30e2df62ab3b722cca91a67d198fa2f

SHA256
f8bac6b305b0f1b24aa965c31e5e721d18455e67df641b8f07152db74c5ed2b8

SHA512
c66ba98609c3ed3a0b5110c0971922249a573d8568436195808bcc5e66a47cdac624896c84b8fd42015a2f86ab5460110dca4bdc2b8692a32bfbfbf4bc2e73e8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
2b3daf4457bf38e12a5a26319a880c54

SHA1
a1300dcde839992d0d6c97039a172150df1e3cfb

SHA256
230d472921593e1ea5937dc15aadf15d3cec645f56c296b4bcfafa1fad823abb

SHA512
f4c20656f34c036c1ef262a02afa86874db5454182d58ec5595d82a8e1df34846c3d21ef12157e476c06e1c64d0723d8fe942c426b1d080a536e2f18277be6f3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
12656b93231f30cf35d082d198b1d422

SHA1
25a24ede9caf7e30e42c3bbed42ecdd3d0e2189e

SHA256
3b5ec14eb35e6c6829b9a3858c069e7a6fee9f142b21d04002ea81ed9116d277

SHA512
f137afbbb5fed4e995082a3e3d58b6f9a13f85472849e086ec8543ed3a6cfaa4b7c6f0452ac9a68d68effedc59616bcfff1ce983e9a011df2d85eea218fe980b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
ed8acae3f53042d0656df30583618b21

SHA1
0716ccd7c477f6e0ed8c7816e9bf3ca6461d4849

SHA256
036682571c277b77b6aa9500e04f8a9e58fd0464f59bf4188d12ee27ab668a65

SHA512
6e16dcfa70d4e215c241e1c6a280bf213762b40baf2f860fb6da3b3e09f6a44d91fb2dfc1d86580a7f990a58812e151ae04d6e6e21bfda358f0ed3e77795cc8b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
412B

MD5
be3fd9e6d5b22d017c4a4f6e5dee2766

SHA1
45014be35fafcbb2584af522c218c7d82c720876

SHA256
e71663c4f7254bb1ea61ce4d31a8397aa133fd61cdf0454b661b2cc3ab7f99d4

SHA512
5ab8746aa4859403311442ad27b28ea80720c1223e15edfc23ab98b49d231fabd3847e34a686cc9e2e45f35b045131795dc9a223488b7fdbd5e014e62dc3a7a5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
80b4b54b7dd0eac367e2a4c14cc3c726

SHA1
95d0373f69ff946002b394a8f7b966e6fb77aa5f

SHA256
5023cace1509457aaeb8b55f94d7d9c0fbb49867d48dac94d4e59f2b8f0c8683

SHA512
db84744f0256e9a9db94e390731330bb5987dc110a94921d2611ae53aa925fd4ecef7574d26ea6086e346eff51c2f3cd4c231a14de5802d5a1792a95956bfa90

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
c2bff5b01f1afc9882f3e2308a38db91

SHA1
adbcc3d1c306deee72ce7952890fd40c432be429

SHA256
0aafe7f417baebb614bac4bb7d879745286a1ce030eda5241b1d7177e8b50c57

SHA512
44b2a8a8ac255e9773b35bb6e57bc4edc5152cec3a9b57f95458b6033fd2a07a897ae6b876600a992c11d94b94f790e23df44cdcc3a1ffe0f534abde294aab5c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
0e6517819bf760dc941ec6b8e29ae5d8

SHA1
bd6fd5c68eb9fe260f09d2bfec59f20fdea34975

SHA256
d304654df28039133ee2943ef5aad5e5cb43c8b815580b003c52a9c3f1f9869c

SHA512
47a0103ebee301c157e31bf9244d4d63bd4c38d75476381dab9f89cd73e5cbb53222893b4f195011c26c808bbdac69d304bbcaeb30f26ca2ded5bab2e83ed42a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
19KB

MD5
7091e5fa567092375d2811bf88e6b833

SHA1
16c7f9a75d1c0624b5d23561abf08fbb250c7947

SHA256
7209537a2271d1f76360d7764e72602137c21b0d0cdd49440985c33dd690e451

SHA512
6d7ec66fd0aa2cd9e42aff4f2f64458bcc93e1b40c7b139a53da733bbe38a6032a1ad738a3920c6d5a9caa7b520b9c0498d1c608d3bb4bf74e7900d15a3f1b7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
79KB

MD5
b61545c9415c84ed10b470e0f5f046a0

SHA1
f6bf0dd21e6e08f64e6508f0c2c3971d0edc8b5a

SHA256
9fe1afd51c4a7de913185305c4ba743944476e490366450627ef10fe6545ec0b

SHA512
484ac5aa72ce083361bb491c5be2de17777f9bad6c1cabc59aadfc68b565a3865c352c0c49241df4695d8a9527c0b0ffc9685d9b59a031e35432793e9493fbf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
52KB

MD5
75449d86affa4bd22473fc71739ba8fd

SHA1
04a48b5669af034ae97bb675cbc7eb3e3133c2e2

SHA256
0b9f4195c729c6f7988025cdd6e343bfe2b3b141c640a548d69447f598f8d27c

SHA512
cab1211686468720f44e4753d468ffa2808a3d126ad138dd4cb75abe039dfddf0fd7a08e8921e1e047f6023d925c071c8f04901a25ae46f409b6926657b179c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
123KB

MD5
a75ab6545eeb7513e637e28fa4ece6eb

SHA1
e4cd405cec0b5a4efb37d625cef42fb81099247e

SHA256
ad77bc3ba47e8356099f05163fef8b4f1b044c17cf9af9741ee61cd4992566de

SHA512
1701d90770a71390533c1889ce7d9a67cc5a631879b76c5ffaac166d09c56a9778d232e95cd3e206a378573d788a4f78ff20b8a8014cf2550fa73385afbb0b8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
144KB

MD5
69a346b9210640ff196a3bb0af3b4fec

SHA1
e05eb8719e8b1ca5b62f3a9ea46aa0c9347254cc

SHA256
2ea2b5dedb7dacb32be5bc9a70fd8f4ce592a7a1bbd5c80705e33c102bbf230c

SHA512
73c4e3735be0851a2fe00530578a0fa6c4153b8438e81f321ce33b858010c68065964a5de6273ed237f28fc3a267ab7a8515c7d45877cd74ad963c1e0585dbb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
42KB

MD5
38d2eb6618eb0c687d349b720214adf0

SHA1
176c7b5a40ac942935fc559d5da02479aa2f877b

SHA256
bedf8d78fed187b461cdb53ad04502db44388bad3954b536b9bde96f1cef7485

SHA512
49585ee155796e991965867450b9babb21d90eae74a2982a5178b1a99831993bfa55c73344184b11464dd920012e4e487bb7b2daae44161b3e3a52469833c0d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
67KB

MD5
bcfda9afc202574572f0247968812014

SHA1
80f8af2d5d2f978a3969a56256aace20e893fb3f

SHA256
7c970cd163690addf4a69faf5aea65e7f083ca549f75a66d04a73cb793a00f91

SHA512
508ca6011abb2ec4345c3b80bd89979151fee0a0de851f69b7aa06e69c89f6d8c3b6144f2f4715112c896c5b8a3e3e9cd49b05c9b507602d7f0d6b10061b17bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
20KB

MD5
077e3f0d3dddb018c1e71fd8e46d2244

SHA1
b50954ed5904b533372fe39b032e6a136ca75a7d

SHA256
12ea854aa2a6588219451d4af53fcd368e24b109085062deec4e5b891e059e82

SHA512
f9cb475d16d3e8dedc6ef2feaee4f9bad365a8bb992352163a0a9f4ff9e809bf895fc0ffd59375e60a44e5c5bd1f43217177fb44ffc0cc76cc85e45a612b9b3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
25KB

MD5
bae29102b34e466d8fd937e0d183b530

SHA1
35f19f3e89a21bce8ce42ef9ed6a3529054c0542

SHA256
e068f669da00e5a533e852460bb43cc0f0d94c2a06628b2ff441b3592ed20309

SHA512
4bb7f39ccdef89e7584068fd552d0cecea67138744ea5e7ea583efa790d0ca8020646f40470e0aa4acba95ab81715ded50c5603f4923100a25170362b314223f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
22KB

MD5
2b41d3512250b9521aba871a5707cf23

SHA1
2bf8a039e31b6a549d10482f58d9ae7823ee012d

SHA256
a450a6398f0a16e5ad065b2f3e4dee62db08ec1105cf8cd025561e78db2d3692

SHA512
9c20fde1f3e0637a9ca38c72dd73f83fcb90ba54a8a4212e5654b3ccb85a2d23d0d2fafebaac871a3eb7c054ec186eaf7d46cd366fac192092276b901116704b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
42KB

MD5
883c7f1b4601defdf7603cabd5e74419

SHA1
f8e08e4e0e0b04ee3ca4fa7782caa310d62190e4

SHA256
f3f24b9eb844ac398cf0414734ce016806892b660427763539bd631a1ab6af4f

SHA512
777f25ff08cd30cec9f3a577f113a95c1720363f959d3f1274ee0d6a158d80baaccfe13d5bfe265254cf7faa7d2e5cef12abd90c5cefc1315bb5b84414a2d33c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
22KB

MD5
b90a759034a22afae7a67adbf9e74eda

SHA1
961933c68dd0ddeb741a5a3ceb111e5f1a507d8e

SHA256
6f3711a17d7b16b8586d841e77590bf6543e7c70077e0b6244f7b74adaed0e83

SHA512
1d5330a476784e0c7969d4b1d7c8b60022ba11be35449d812ca9064f4ab6ce1e0907461e8c6cb135b3fb9417ca1b54cb40eb154b558a9a2845f5dec1c2a8134d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
70KB

MD5
370078e4ee74c27fb45989a35b97baa0

SHA1
16aed3995663c6602f8c6f0402d9be44d8a2f306

SHA256
4beddad458c56676d1700c0263844f7ad07770098bb637c2bfdf92192e639941

SHA512
c128f55f0c9f34182b62514909b926415b45051867b8754da194064a09efe9805baf2ea26a560d87b3f118d05dfd80e0d2aeb11b61733ba8d176501dc3a62d87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
73KB

MD5
2de25de6b4e17fcbf779c2bcd376943a

SHA1
f943e60c211a351f6d0c78395cac7fbb033f1f46

SHA256
19cf2748b636c81a83082bd21e3bd1c00cff5507b558b47003778ca2d3d2f533

SHA512
fe873961cbdf1d38815750b804d3ff4720988be9dfca2bf0d346b430403d1bc43d6677a07ec002de1f476fc9041484be83a7548773917167b8f15666ddf39015

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
126KB

MD5
4b25d4d62527623a29385b1bd425e269

SHA1
1e3209a3b7bb0cffcfb7d6d5bc2ed3184b57a9a2

SHA256
7038a9aefc7f1830df863bf8f6dcbd3e0e0490213f0f56205c5a92a9722c8bf9

SHA512
3d74a4b58fbe2b8a5a360a33b2094c2cf179b4c7c293a96a02d299ebccea2bffac4ff58e96a5a58c36b7a85f3edcc9bcbdf350750d40e11dc7073a90e423bfda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
342KB

MD5
c5cd95d4dcf34f84c86148b15ace7aa2

SHA1
082cdf649b953715c7cb0ff375c3e9e05ff5821d

SHA256
9702ead9cd36570d349bcb422c20ac0272b67ab99d36768fe01245bae5b78ab7

SHA512
6af0da640425724cd5bd91b632590aa7565dc1ce45f0b090b84ff163c306cc017ab6137a37b866dac5cae777b4741ea1418593886cf2c2d2bfd7ff0355cfc2d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
45KB

MD5
4a4fd9b4ce84db7a8331f367154a3325

SHA1
e7ec8e4a514633a65eef57c56607b5b0f528226b

SHA256
472e2c711651b5da8fd92161d1b87db8b8382b48c13b80bcbc829f1ce4cad9f6

SHA512
e1dd801a6d0211b6cea71f8713db6cfce47683ec3ed2c0a9f1399e0d67559e6ab9ee0cf8ed4ac7b30f7a32d5a909366c9a6331fe5e38e99a28f414351a6ff740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003b

Filesize
22KB

MD5
c112287b677266a099009e268c491e51

SHA1
2eca16f23c482c6dc60d80abbe137e1a80929fd4

SHA256
6abd124eff8b43b07b82173cb0c5ccdd7b5ec4981f4274b529daa5ac4b5ef2db

SHA512
9198f322eef44bdb4d2b30991b979b5a585fdf70f64be38ac64c69de06684bfad0193a056669db3b198a241b88868bec370ab42dd01b46b6ff2e58cb794a0f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
34KB

MD5
81695946d2eeb1f86cfcedfdabd8bea9

SHA1
2da41c5b0a404a68b2dd2410a7bf418b99acd704

SHA256
dbb53c01840ffef7c47be6fbab1368cb2e5cf6d4efb194f83e79174ca15bf0c3

SHA512
3961d0b7753ff7d34d6bb06e3254b9d804ad7a202a4610a2c7d6fae40ecc54b14af7cc3118ef7eb886f032fd76bf580006741ccd7031af9f72f4620d31848d71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
16KB

MD5
1b284148691fe5dfe231ed017ecde409

SHA1
620607ee73915052a98d0069603fa5a491bcc14a

SHA256
f464a0bae4ce3f34656506531f8737a82d824a038e2e6eef1c3d9300ba2f7652

SHA512
3918c0da1b3201427e7a6b01e24d3c7e4da6ba1ea829e0047dabed34c6b673dd5a55f7c1c22b63d681dce63eaa518f63492c31f2198e76b4d4293db6ed2a67a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003e

Filesize
24KB

MD5
4d8ff5db976099a8836bc793e51d3168

SHA1
49e86270a3d0f67f93986846eeb77275ed819db5

SHA256
31e7ff0968b6b8f94720fba01c3f8e6f47693ee928371881e7d81952e3c9dc1d

SHA512
21433d680e95c735ee799e821da5bc912e25cead936d8ac0916c4bb64e2330fba5b9ffae2d57ed7a9410a0b1513d7b0b8aa524cdf13e926fd5ca00e8c2dd729d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
77KB

MD5
7eedf7765bd8547280531a200a200463

SHA1
320097b3a01053bccafd436cbd949563f31084ae

SHA256
a35c64fc40e148f627b353c5ba29841e5ffde4701ae5cc8303bfdb0fe2fea250

SHA512
259e1be5f2ebd24ae17c409ee0b1bbbfe8c5e2f20f350d789d6b459f15a6f23c9a185fe4c2afec339d68ba9b547fb8b7cc80f53cbe53546ed6c422b3c4ec7e63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
46KB

MD5
13b7eea476a75eabb7c9caf683199797

SHA1
2efa409468d33cda046af8a41eb8e4dd92915181

SHA256
a1037073b1a6c53f94017eff2c6709e94c84016e2c6eb869462ea5ad27c7bc7c

SHA512
32789a997b785e36cf74e55c3c247c19d0a13dd17ab85927ff1c09bf72bb7168441b9116d4d2096124030e48021b3fcf02bba0870945186fccae77112c679c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000041

Filesize
31KB

MD5
8fbdaacf601646bd269bb409cdc14781

SHA1
7872de2877a18f702c9af899963f1c7ba02f9433

SHA256
de6455213e01671691dab9f7d347e7a987f65100340874e5c09cb4fab8f81e84

SHA512
b4aa855b2ce10eabf97bb8e5c9400841a23fd7301d4632375bd99697c6943487a1fc00da6a5d0381102aa8882308fe396cf494cf68600ea5baea8f26db5e412f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000042

Filesize
16KB

MD5
5378f67e316e5abeaf3383ca55bb51ee

SHA1
10c7096e5030f8e912a1f2d4dc78c4ec1a854c8f

SHA256
6003b510e802c6e597d399ae3aaa716e09e413983d69489f82174c3d33d2a77e

SHA512
ec76e9c3282d060752eb6d01530ecd1d4e1403a05c1c56005ebc8a4f3f078879353b28d622715a7a48261e8c3ba6236e226075bf4ba73e019fd0a456c0e84445

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000043

Filesize
421KB

MD5
cf7f2c319554f00436869d2d923540df

SHA1
d3dfddfc11172c7c5ff22754803ae8f7f8f61aa2

SHA256
4ed5e43400ca6ef5b44487953b375c70908dbd23ecd71e8c08b36aaa8286e1b5

SHA512
f0844d66f0620dd480846fa9082d9c21985528da0a401ccdd1660ad90f8724dfccbc06ebc2b610d3adb7d6cc9d89fd0ee3e06fc8a4c995434fb6e575e0a70e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000044

Filesize
97KB

MD5
617e3649232182d0d2bfaf42e2a467ac

SHA1
96d3a8c811d45c2904af1701cc75890184cae54b

SHA256
cacb14f4eae888a36c9d7abfb83de214f6022fbb731b017277fd1dea23202623

SHA512
2d79463798ef4a55030f58b66a67402b791f6a5df4083c140b6e0a4e9d0fd8999b5c2390b0d8a5869f42265904542b842b898feb94d5029da752d825f7330f1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000045

Filesize
213KB

MD5
d615aa6e96b386cf3995d376aadb1ed3

SHA1
a511cbc658e8bf17547f354b70d9b09ed2b88b20

SHA256
c0ea7995b7a83dfdbded2ad63530a13ed12c1ea7dd5072bb7749e18db141d99d

SHA512
b8371b86afc4bfdd0fe3c9030bb929000f419d391eaa8ba0e7e775463addf06519ad2b2ceba2a7dd0439e3587602fc0ae36d957cd3b823036a475d04139a4466

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a7c002b8d79bb175d2cba172cd89ef1c

SHA1
1bae2a04abe8160ef7b1359fab96890ec99f5d8d

SHA256
d9fa800dfe3faea995ec28803d3098debeb3489e2082aba8125343fcb1580398

SHA512
aece5fbc6daa6594537b4d13623321ea015d77d25901ab0b8a9110e866c1f2792e066eec6110e078670d26498e050d9725abbaaa32196ab00b36011a03f8bc1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe59194b.TMP

Filesize
624B

MD5
28bfe93a529f662ff9a0a4ae7db57a0f

SHA1
873453ee995b962ee82c29182d5bbffa9c71d321

SHA256
0ae3ae0f8c3c50a437609555614d9826278ef585941f126c19a309e9f5777fcc

SHA512
a072cf596b16a958f9e8a2055b9c4781b3e164d420d0b81350c23e711a1fb6a1c9abfcffb5254648c9f3da8dea75097d652d559c7eff6c307f7aa50f46717e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.xbox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
3e166a7a1ad5fca4f13466fe3b3105e4

SHA1
99bfc435e0c92aad727b80ac1d74626dc719e0ec

SHA256
472bc21dff1bbf66ff40e028582b37a828c1608ecc0c30e1b52627d6a3a0ac7f

SHA512
01b86d3702d3fda5fecd949da5e7eb538d35f008507fa7507527541b4a3aa9c66df7841640e2dbd59f1a6a5ac1501ee853d6ae825291b45e3d4be545044f4fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
ade228d2d469d38b559513fc9e754b73

SHA1
31bdcf6402be8921bbfc75503c5a65e0b5ed6882

SHA256
99f8b7c38a527487b88675f7df450f49b295fbf465b9d0c192636d13d878ad2a

SHA512
b3d95a5e83c9eef437f7293fff792e0692766f7735694db60beaa42fbf9fa1225e4d07dfa84098ec6f78b761c6a81bc45230f5a7a3f74df412bf205454fd950b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4bddb4be05d8409d2753146dda0557bd

SHA1
8bc9832115340da4af950a5f953f231b691a24bb

SHA256
242ffb9e46962af1a2df21411879774eb5c21fbbdf768d09cd33bb8ccdfa1357

SHA512
c22691243297dc7d5eaf0a0d063d6eb0e53de295f8eca0d9434d09854fd0426577500c643283d826f030a14bab79fe1576d13e8f8558dea6f00160aa370f746c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
16d47dbdd1a9fb3df5487a6ba5a55ef6

SHA1
352327d5789bab8b7e73be92b08d9d7f54bfae42

SHA256
a27a4d51a1ef0313251f5ea01e14b506ba1d4fa6738fc8ba5458872d1bf74e1d

SHA512
8762e227a2c9fd05e60fc82e6881cfe424bc015c9a47b206d50191d646e0ac4a0a1cfafec6b5eb5ab8f5f78e42e9609477b32a0caec081db5f8b180acb402d1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
eac3ddc1f0a066ce35a2a6f4bf25b7df

SHA1
bff67ad4303b86670a11b43d4d3e367ec0e2d18f

SHA256
30c6cf9019895e209f5012cd505c6992a8070f259a065e6161612c86418bdb23

SHA512
042f2aaab707a5215c482eff0910d7fff382aeaba39ddeda492fc0639fa413f7dfbfc9ad3348b908dfdf9200becdc83b5c98ff1a10d07e503826a0920b05daf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3ab4ca9d3c82053577be61aedb6ddb1b

SHA1
9925113a881670e3791c5d43375b735f1d458671

SHA256
bd4a59a4fe972f1dede72e003fd65d723adcac03326040e71ffabdc19aaa6dfe

SHA512
3824872c3979a181f470ceba418055216b5d64b1a4e2c0b32d0953d722b495f229573a80abc309dcfb14199797e91ac67d17ba0aa01ace130dfe44712c9d0238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f4ca9a6c8f2c7534be273ac6043050c9

SHA1
0660033900e8c8652b70d5a4c02b031ce14abd1a

SHA256
c25ea984c48a72c8782a3587bf793d3943fc38dbb85c3cfff3b822919644d4d5

SHA512
1a1ebbd1c031487038cc435f96543346f669329500b1b53260bbdca0f8f71d30aea1567682d265eda6a2cfd24cdc40f853250f30cc21dd4ac1f042f23be145ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
732d152e4ad80a2a4e59de99b72ee75c

SHA1
684731179d7efbe4a924b79b5c07b4e12b979bb2

SHA256
cb8b12209478858e6effee5bce679a783dc2bfe8d233c9ff641de13c50e6e64b

SHA512
64e1206224c3ddd37aa216d45e1aa42aa8037d42680213b643c513c9fb6e1757c9a4d09bd9a1369aa1549f2f7240fc6158ec72f0d60c7914e7d62d6dcec7b0bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
735adeba1ae6c87499b38a76a88e1026

SHA1
283a1a417c6788138463cc8e3a5f11c465a2a89a

SHA256
3e66943038e0b06664bb615587d05f614c216709308a5da1373a6ccb2a5a4fc2

SHA512
3040f5dc2b4c36afc494003fc99f4305d737f35575145a31fcd6a5d2de994be5e572f97d479ea1aaedaddb7e185365b3a860b1b162bc78a4be5a5672feb68ddd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
c0b46f5afa4fe138940f76d1f00b65fc

SHA1
efe0bb15db3315ae4f663043ab82af3a53a7cc5d

SHA256
528421f36818dc27b0c029f59a9cbfcf7f661e74f4d0492ce416523e4becb5c7

SHA512
5479aca86ac61b8cafe849d7b5ade4ed2cb74832889ade09576656b3050c7eebfd44ce5025762f9101ebdaa2fbbf581a147fee6e79436f23cc81bebe3916e561

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe584baa.TMP

Filesize
48B

MD5
23195d2a9c7eb3a6e140c7a9596222e7

SHA1
64bef31a64778acaaa442f7323cc6ec323b7d5ec

SHA256
5814f024e54ad13d2f420ef8737645596950936f9b270f2c02f11db5a8a8cc33

SHA512
51ca6bbd27d61aa9de5771877eeecf31d0fbf317719e70a43ec09169db89beab02a2ff9752d39c1826132b99bfbb077ea4131db310040ad9b329166f5cb17002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
dd79447c787da57b923ac9a22b25b793

SHA1
94c4afe62fa889566f83abc39bd9298cb4bdee33

SHA256
9240967056eed0457cb2a38e6c2718ec4c43884e0382292f4a7013f687874138

SHA512
e9001972fd41c8b704158d333a945b39b161ff7a8b59cb26d53d33f248503e83cb7b0c6c47eda07f5e48a4952534c419938839764b59b4f7988b20b3a1477ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bce6cfd012a9561f5497e1dd8ea24b2b

SHA1
2a72c47d667eaa2a11a02882ba19beefe8d75454

SHA256
dedf90d1a8d1d24aa3b047f83130b29cd852640cd3168cc249b92af9fac37447

SHA512
8e5afffca31b1df6916088c8895e4bb37de4ad0412a37874a9147bb64cfcff0100e0614df0b5bb02555a64bdc3eab83418d1304c1dfea45170dcd3b66f93273f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
9117b180e8ee0e5aa60e204701001499

SHA1
8024151292785255000d45edc897ca1351ca6c09

SHA256
c6a211bce692de8ffca78deb3bb73b41b94a2781345429fa63a123bc2fecfc43

SHA512
5a9f2e8815a073f2ff08e8b92f3542b255153925b409aa01cf40e1dcc6dfce3a122d5144050697bb6c388b9ecd159becab72d8a03519169c46d7c6a3a5fbea1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
39b40a568d041e1221d79772787a2b25

SHA1
09c076153ad6895943e2b6f40acdb42faabe99ce

SHA256
9f767c0bd12b46146b9fc1228aa88f05ed0e17c4eda41361aae2184a9fe54055

SHA512
1718d4e4579b2016834640fbccf8c302115d9bda5a40a9081d09b33e8db3660404a5c135275a21048c0b175e1a168ea6748c9e825daad041b60606ac4cc83035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582016.TMP

Filesize
538B

MD5
e3d7f3a25382e95053414620c9ab3ff1

SHA1
af53b48dfeef608d77a3203add2c9cc221719a7f

SHA256
d8f66cde9fa5da29ab66c20e39dab7265eb76a0199458825551c319078f5088d

SHA512
bb30f3c4e0e54506d2706e3720eb832237773cfad8421e1f8d1dd72f849db40650cc5f4cd9c8902b6d194ac4729ea6877776f138b89a33b0808a08e9a32162ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c3440ae7001d0921d1b335dd02f763fe

SHA1
5083febde1780d117d7d0cb4d49b63551f3a5507

SHA256
cbebffa1c37c40db43d888f740e9c8036d03721838fbbb98c1e6bdc5dccd551a

SHA512
96d86f43da386f6febd8eaaa86bebed6b8d5cfc18ef05003e5d0b14528f439c1d98b2adf52118ac897a00076bf328a234929494653b812b78e59839ff2643f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ae0a4536ef6f22f79af3b463e203dc0a

SHA1
0e03d74a778f2f27ad18aaafeff253271e9df36c

SHA256
040186d03e1c79c38fd915c739d8abb4f10080d551e272e4bd7c69fb244e871e

SHA512
ff8591c597910187c428d911392ca93c0e0973679362d6d919ffe21d75a3a4a7ee5c52fb6d0c3396819453f47dbcb2b0e8ad6df64038ec856f2a36a92674c11e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f32d5b8754ca33816e270c9546cc238f

SHA1
dfbf1cadc514c863bc8463e6a7c963844a5339b1

SHA256
9b02970362d67b6b3fda3ff59735108f0c0e9883a8ca9c4cb90ab75589a8b9f1

SHA512
f2dd07a93fd2798bce5fd6367f40d8dfad6ead24dc4c4d7801b2cd37069bf27e7d632acd41a760fc8abbb98b37d6b8a4182ab1529e8c08399bfdbda41db96d6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3b103a9ba068fb4f932d272d19f5619f

SHA1
8270adf6a18d0101ce54afb77179d55a78a35fc7

SHA256
7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15

SHA512
83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\dbgcore.dll

Filesize
166KB

MD5
612a3bebcf72256296103e034ace0236

SHA1
4e722e00e3294194224ae348477e3898c01b47b3

SHA256
3e20d38b7f1ab5dcbb1057f06f4dabf64e57b71d12a7335b4c5601b5b4a6047c

SHA512
dde0aabbe0905408c8df74fb51232b322e233dc43fc34f4ddac9a5e626359d7e4948d41f3fcbb95f0a635cbd229953757ba456a095b2b3523bb7a851663e6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202501072117111\assistant\dbghelp.dll

Filesize
1.7MB

MD5
3f68b6ab3dcfd45911952ed4f5d75197

SHA1
c24c63d36a26f2320ae1c70b282769fae1e18b48

SHA256
e2f7ff92d8b959239e535b1824eac0bcf21b3134418a7b0411fa0c92ab6259e4

SHA512
5e6e031c5b802f667dc846f5dddd3c3ff5ad810b6274633bf519aa07d6a4eb7cd1c810b04f9fd552e0f6c7bb7285db0d3dc64b7a5690899583ae30bdc4e3c09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zSCAC9C018\setup.exe

Filesize
5.5MB

MD5
71ad4fff7c190194c8a544776b54dcc5

SHA1
088b5a1acf87ddd917c1094d09a039e886df1f32

SHA256
37490d7b909307cf474a081d16d87320bfc05cd0d382b4ce0d2aec4459cea9d9

SHA512
fdf302eddba55c899883efe11df17977529dad6dc6d4c73e3811c01f98c9677de25a02c3aafa772dca78ed6d59a8bd062fec521d7ce385458dec02b4c971a557

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2501072117089592728.dll

Filesize
5.0MB

MD5
41daedcda16a5341463070dbac45624a

SHA1
8a2f6b3653d92a09a49baece476b53988fbf0c52

SHA256
733701d47b47b544d0b96343b521266702bd8e43edcb7c799c9cbaf07c7e3838

SHA512
7ebf69ed5d16ea1909890e6b714630975bc2cc7e3e4075c903ce6c33901b300ff632b1bbdf61558e4487d6fff3d7db78122a0bfa82e4cd57057685e1d1f7d159

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
3fbe1f59cf6eeff8a6a8b8b73680c5d3

SHA1
ac781cdfa571a447da69d5230054866dbbf5fa7d

SHA256
ad1590db395f12d52aba441a296eff1fcc90bc2e349f9be52c6c2f29d4fd9ba6

SHA512
d823e78cd52ff4c3dd2fe47f470b1663c3f158e72de169806b2d9113753d8bb8fd173883fa6433460a8a1ca5d544134badade1e2761fe59a57b73d68f0e92203

Download Submit
C:\Users\Admin\Downloads\OperaSetup.exe

Filesize
2.1MB

MD5
12836495659c5ffceb66b89d60a4dd39

SHA1
4e4e4b8cb3ebf311b27ea98381a53ae8365d75ae

SHA256
dc39d7039da4bbf650cfd8c336cf1ced938586ee8727716da3c167d86b033f90

SHA512
f59315fede4147017e1579d68ed9c6ef20a8e7a8eab66678ee2b5b1701a2b7635985b3a3d9b675c9826e838ecbc9075f878d735889382db8c4f87db735b66061

Download Submit