7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

Resubmissions

03/02/2023, 00:48

230203-a55pnshd53 8

03/02/2023, 00:39

230203-az46yscf2t 8

31/01/2023, 20:06

230131-yvhzxsca3x 8

Analysis

max time kernel
156s
max time network
199s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
31/01/2023, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6.exe
Size

23.7MB
MD5

49fb0f13cdb8d7cad1487889b6becced
SHA1

b71d98ec45e6f7314f0e33106485beef99b2ee7c
SHA256

7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3
SHA512

639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9
SSDEEP

393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 19 IoCs

pid	Process
4580	irsetup.exe
1012	AdditionalExecuteTL.exe
2532	irsetup.exe
1764	opera-installer-bro.exe
2556	opera-installer-bro.exe
4620	opera-installer-bro.exe
1388	opera-installer-bro.exe
3972	opera-installer-bro.exe
4388	_sfx.exe
4732	assistant_installer.exe
2604	assistant_installer.exe
4864	TLauncher.exe
2552	TLauncher.exe
3084	TLauncher.exe
4700	TLauncher.exe
2600	TLauncher.exe
2392	installer.exe
388	TLauncher.exe
2908	installer.exe

UPX packed file 22 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0009000000023197-133.dat	upx
behavioral1/files/0x0009000000023197-134.dat	upx
behavioral1/memory/4580-137-0x0000000000300000-0x00000000006E8000-memory.dmp	upx
behavioral1/memory/4580-142-0x0000000000300000-0x00000000006E8000-memory.dmp	upx
behavioral1/files/0x00060000000232b6-147.dat	upx
behavioral1/files/0x00060000000232b6-148.dat	upx
behavioral1/memory/2532-151-0x00000000009E0000-0x0000000000DC8000-memory.dmp	upx
behavioral1/files/0x00060000000232b9-154.dat	upx
behavioral1/files/0x00060000000232b9-155.dat	upx
behavioral1/memory/1764-156-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/files/0x00060000000232b9-159.dat	upx
behavioral1/memory/2532-160-0x00000000009E0000-0x0000000000DC8000-memory.dmp	upx
behavioral1/memory/2556-162-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/files/0x00060000000232c9-165.dat	upx
behavioral1/files/0x00060000000232c9-164.dat	upx
behavioral1/memory/4620-167-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/files/0x00060000000232b9-169.dat	upx
behavioral1/files/0x00060000000232b9-174.dat	upx
behavioral1/memory/1388-177-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/3972-178-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/1764-179-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/4580-199-0x0000000000300000-0x00000000006E8000-memory.dmp	upx

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	TLauncher-2.871-Installer-1.0.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe

Loads dropped DLL 11 IoCs

pid	Process
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
2532	irsetup.exe
1764	opera-installer-bro.exe
2556	opera-installer-bro.exe
4620	opera-installer-bro.exe
1388	opera-installer-bro.exe
3972	opera-installer-bro.exe
2392	installer.exe
2908	installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	installer.exe

Drops file in Program Files directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 36 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\FriendlyTypeName = "Opera Web Document"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\URL Protocol	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.opdownload\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.opdownload	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xht\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications\opera.exe	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe,0"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.opdownload\OpenWithProgIDs\OperaStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.htm\OpenWithProgids\OperaStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.html\OpenWithProgids\OperaStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xhtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xhtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications\opera.exe\shell\open	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec\Topic\	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.pdf\OpenWithProgids\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.shtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xht	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xht\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.xhtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications\opera.exe\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec\Topic	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.shtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\DefaultIcon	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\OperaStable\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\.shtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000_Classes\Applications\opera.exe\shell	installer.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe

Suspicious use of SetWindowsHookEx 29 IoCs

pid	Process
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
4580	irsetup.exe
1012	AdditionalExecuteTL.exe
2532	irsetup.exe
2532	irsetup.exe
2532	irsetup.exe
1764	opera-installer-bro.exe
2556	opera-installer-bro.exe
4620	opera-installer-bro.exe
1388	opera-installer-bro.exe
3972	opera-installer-bro.exe
4388	_sfx.exe
4732	assistant_installer.exe
2604	assistant_installer.exe
4864	TLauncher.exe
4324	javaw.exe
1948	javaw.exe
4324	javaw.exe
4324	javaw.exe
4324	javaw.exe
4324	javaw.exe
2392	installer.exe
2908	installer.exe
4980	javaw.exe

Suspicious use of WriteProcessMemory 52 IoCs

description	pid	Process	procid_target
PID 4816 wrote to memory of 4580	4816	TLauncher-2.871-Installer-1.0.6.exe	81
PID 4816 wrote to memory of 4580	4816	TLauncher-2.871-Installer-1.0.6.exe	81
PID 4816 wrote to memory of 4580	4816	TLauncher-2.871-Installer-1.0.6.exe	81
PID 4580 wrote to memory of 1012	4580	irsetup.exe	91
PID 4580 wrote to memory of 1012	4580	irsetup.exe	91
PID 4580 wrote to memory of 1012	4580	irsetup.exe	91
PID 1012 wrote to memory of 2532	1012	AdditionalExecuteTL.exe	92
PID 1012 wrote to memory of 2532	1012	AdditionalExecuteTL.exe	92
PID 1012 wrote to memory of 2532	1012	AdditionalExecuteTL.exe	92
PID 2532 wrote to memory of 1764	2532	irsetup.exe	93
PID 2532 wrote to memory of 1764	2532	irsetup.exe	93
PID 2532 wrote to memory of 1764	2532	irsetup.exe	93
PID 1764 wrote to memory of 2556	1764	opera-installer-bro.exe	95
PID 1764 wrote to memory of 2556	1764	opera-installer-bro.exe	95
PID 1764 wrote to memory of 2556	1764	opera-installer-bro.exe	95
PID 1764 wrote to memory of 4620	1764	opera-installer-bro.exe	96
PID 1764 wrote to memory of 4620	1764	opera-installer-bro.exe	96
PID 1764 wrote to memory of 4620	1764	opera-installer-bro.exe	96
PID 1764 wrote to memory of 1388	1764	opera-installer-bro.exe	97
PID 1764 wrote to memory of 1388	1764	opera-installer-bro.exe	97
PID 1764 wrote to memory of 1388	1764	opera-installer-bro.exe	97
PID 1388 wrote to memory of 3972	1388	opera-installer-bro.exe	98
PID 1388 wrote to memory of 3972	1388	opera-installer-bro.exe	98
PID 1388 wrote to memory of 3972	1388	opera-installer-bro.exe	98
PID 1764 wrote to memory of 4388	1764	opera-installer-bro.exe	101
PID 1764 wrote to memory of 4388	1764	opera-installer-bro.exe	101
PID 1764 wrote to memory of 4388	1764	opera-installer-bro.exe	101
PID 1764 wrote to memory of 4732	1764	opera-installer-bro.exe	102
PID 1764 wrote to memory of 4732	1764	opera-installer-bro.exe	102
PID 1764 wrote to memory of 4732	1764	opera-installer-bro.exe	102
PID 4732 wrote to memory of 2604	4732	assistant_installer.exe	103
PID 4732 wrote to memory of 2604	4732	assistant_installer.exe	103
PID 4732 wrote to memory of 2604	4732	assistant_installer.exe	103
PID 4580 wrote to memory of 4864	4580	irsetup.exe	104
PID 4580 wrote to memory of 4864	4580	irsetup.exe	104
PID 4580 wrote to memory of 4864	4580	irsetup.exe	104
PID 4864 wrote to memory of 4324	4864	TLauncher.exe	105
PID 4864 wrote to memory of 4324	4864	TLauncher.exe	105
PID 2552 wrote to memory of 1948	2552	TLauncher.exe	107
PID 2552 wrote to memory of 1948	2552	TLauncher.exe	107
PID 2600 wrote to memory of 3120	2600	TLauncher.exe	113
PID 2600 wrote to memory of 3120	2600	TLauncher.exe	113
PID 3084 wrote to memory of 4980	3084	TLauncher.exe	111
PID 3084 wrote to memory of 4980	3084	TLauncher.exe	111
PID 4700 wrote to memory of 4900	4700	TLauncher.exe	112
PID 4700 wrote to memory of 4900	4700	TLauncher.exe	112
PID 1388 wrote to memory of 2392	1388	opera-installer-bro.exe	114
PID 1388 wrote to memory of 2392	1388	opera-installer-bro.exe	114
PID 388 wrote to memory of 4936	388	TLauncher.exe	116
PID 388 wrote to memory of 4936	388	TLauncher.exe	116
PID 2392 wrote to memory of 2908	2392	installer.exe	117
PID 2392 wrote to memory of 2908	2392	installer.exe	117

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4816
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-4246620582-653642754-1174164128-1000"
  2⤵
  - Executes dropped EXE
  - Checks computer location settings
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4580
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Checks computer location settings
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:1012
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-4246620582-653642754-1174164128-1000"
      4⤵
      Executes dropped EXE
      Checks computer location settings
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:2532
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies system certificate store
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1764
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x350,0x354,0x358,0x328,0x304,0x6ec18658,0x6ec18668,0x6ec18674
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2556
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4620
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1764 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230131210725" --session-guid=7f73b7f0-c789-4c62-9f77-c6933a28e155 --server-tracking-blob=ZjQwZGE4MzU0ZjJhZjFiZGE0Zjg3NjE2ZDg0NjI5YjlhYjkzNjE5MzI3NWE1NzM0NTA2ODA4NDc5MTg1MjdmMjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUxOTU2NDMuOTIxNCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZDJmNTY5MWUtMzkxZS00NzViLWJiNjEtNmY1MDIxMzMyYTVhIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=B005000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1388
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6e158658,0x6e158668,0x6e158674
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:3972
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe" --backend --initial-pid=1764 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251" --session-guid=7f73b7f0-c789-4c62-9f77-c6933a28e155 --server-tracking-blob=ZjQwZGE4MzU0ZjJhZjFiZGE0Zjg3NjE2ZDg0NjI5YjlhYjkzNjE5MzI3NWE1NzM0NTA2ODA4NDc5MTg1MjdmMjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUxOTU2NDMuOTIxNCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZDJmNTY5MWUtMzkxZS00NzViLWJiNjEtNmY1MDIxMzMyYTVhIn0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.76
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2392
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x7ffb80632c98,0x7ffb80632ca8,0x7ffb80632cb8
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2908
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\_sfx.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4388
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4732
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x332dc0,0x332dd0,0x332ddc
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2604
- - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:4864
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4324

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2552
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Drops file in Program Files directory
  - Suspicious use of SetWindowsHookEx
  PID:1948

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3084
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:4980

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2600
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  PID:3120
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C chcp 437 & wmic qfe get HotFixID
    3⤵
    PID:4028

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4700
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  PID:4900
- - C:\Windows\SYSTEM32\cmd.exe
    cmd.exe /C chcp 437 & wmic qfe get HotFixID
    3⤵
    PID:3652

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:388
- C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
  "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
  2⤵
  PID:4936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
2499aa72e1cb79a9cd786f82676e82e4

SHA1
0a91ef6d87b506e541d74321efd0b1098083640f

SHA256
319da7f9be6edc810a7b6f1db10004013056bbb0d089f9d0973c66e31f8e72da

SHA512
b39cebd66e80ae0119e8624ba4c2306baf7a424517cb392ce545ac8edb53ac49ff74bbf35feb2fe13ec7f3b71b947da474edc05d8a6653e16364da77fccecbf5

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
38b5d54ffc3d2d20393a06de8dcafdd1

SHA1
2c0ccf22447dfed3954e81aa5d5bc7538be6ec93

SHA256
d3f029bdae91c1a95402c4e8e1aa4a68a8d30abecbc4657f0d1baf00ec6005f2

SHA512
4299b2a1aa2f19aff36a11f33188503ae21c6ec9e9ee928884e09d6b0eb68416f50da6f34643ed7c84a9ba410194436c0c906c04b1a96f2955ef6100575b9a68

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
14948375c38871f97a5492698775d214

SHA1
8ad5a6c2f86037661c404392069abfed93e1ec69

SHA256
feb3ad41c233268d7648233fb2d8cd0d48433293af7eb3ad7bee573bbfcb6c9c

SHA512
a2596d1e01f1ae841f50141b3fecac264865994bf95f4418960fd967598d38534f1f5b05286ff3e750949be1623f9ba33dc05685725b1e1a97c39aa6c0d4dfd1

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
14948375c38871f97a5492698775d214

SHA1
8ad5a6c2f86037661c404392069abfed93e1ec69

SHA256
feb3ad41c233268d7648233fb2d8cd0d48433293af7eb3ad7bee573bbfcb6c9c

SHA512
a2596d1e01f1ae841f50141b3fecac264865994bf95f4418960fd967598d38534f1f5b05286ff3e750949be1623f9ba33dc05685725b1e1a97c39aa6c0d4dfd1

Download Submit
C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp

Filesize
50B

MD5
5a02f8dd70f62d535db5db55c890d87f

SHA1
5cd6c48f9d2caeec031d178b038a5a441ec0ebc0

SHA256
74b8ee6fa1db8e2bdfa11fd9196a8570d73c72cc7e83aefa9703bd54b7f39471

SHA512
e27f0e981f73d400c05f042285131e188e2fd62042078226f5a33ba72e43679e06d22d7f8430cf2f86b57426ea615a906733e2c56e375d134869f8d9db8da406

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
9cbb254ca8da5a4099c66d7dce2d69de

SHA1
3f328e1410c5c4ea2fa2b387dbef7c6479ea258c

SHA256
f6cad04bfeb909acd5c89c6137fd33b267fa2e021553b3515c82e9d7cfb3fc58

SHA512
93fe3387c563d18ea2f9cb96f1d868d1d5a26c0490126242279a6f39a2df53311fc9806ee14b4b0301195a17dd75abc318695aa0a328330820e8fc20b6fed4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
5d4ab265e260c6f4bb7ca1502ea46439

SHA1
b11cec6446dddc6a2747f6e4404df3bcde59f738

SHA256
3f6f96f8e9300f11a78f7262a69a1d376e1cd09a6bea8afdae79b67eec3f4154

SHA512
7804ff3289968f75b7f73d3f8b9e1906e9e745cc96738e9a0c1403b35ce50f3a1917543da26f8e038169906be37926d31b2b7c5e1d99e48ed5ba9686e3cf53d6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe

Filesize
6.0MB

MD5
a8438e013ced50f10d2746e88b3ccd8b

SHA1
548d7ae808404384d7318f475ced137c48e75c84

SHA256
826fe9ef17bd606029fe8d725855d90b6f35c73ae2ef7aae0c7e38e7b7bb9e33

SHA512
b77eb14e4cf719ea4c247b59eced0601d3074c70889ec1cc70e68448f3e2e707cebf4dde3bb489b5666ab23601b8fc4b4dcc5dd0904a12c8bf47c8377099b9ce

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe

Filesize
6.0MB

MD5
a8438e013ced50f10d2746e88b3ccd8b

SHA1
548d7ae808404384d7318f475ced137c48e75c84

SHA256
826fe9ef17bd606029fe8d725855d90b6f35c73ae2ef7aae0c7e38e7b7bb9e33

SHA512
b77eb14e4cf719ea4c247b59eced0601d3074c70889ec1cc70e68448f3e2e707cebf4dde3bb489b5666ab23601b8fc4b4dcc5dd0904a12c8bf47c8377099b9ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\opera_package

Filesize
86.7MB

MD5
038275aad393989e8c0b6634da083fc7

SHA1
65b4ebd22a289935b71d41077a06eeda11eed154

SHA256
ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

SHA512
2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301312107251\pref_default_overrides

Filesize
57B

MD5
f488c9f9d9d5e631484d4bf155f45442

SHA1
0f0e624770e47bea5186748a9de85c677dd84fa7

SHA256
e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

SHA512
d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312107230981764.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312107237232556.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312107257704620.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312107259571388.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312107261453972.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312108479462392.dll

Filesize
5.3MB

MD5
9b04d6bc0a44cb92ca307e730c0873ca

SHA1
85ac75c07b9798668b3273de693e4556eb198bcf

SHA256
fdb050d2fa5ca39d5e666adeedcb1aa28a4c6356706e6ed6d4fb18e4103af5e2

SHA512
5f496ad175cd49cf9cb095f3bd0fa4f0227e319e045f32ce8f77380f2a2a4b5b9425b5161a69172b74aeea0667b59fe7fa01d1eea0f39971d3c357ccb9870ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2301312109158372908.dll

Filesize
5.3MB

MD5
9b04d6bc0a44cb92ca307e730c0873ca

SHA1
85ac75c07b9798668b3273de693e4556eb198bcf

SHA256
fdb050d2fa5ca39d5e666adeedcb1aa28a4c6356706e6ed6d4fb18e4103af5e2

SHA512
5f496ad175cd49cf9cb095f3bd0fa4f0227e319e045f32ce8f77380f2a2a4b5b9425b5161a69172b74aeea0667b59fe7fa01d1eea0f39971d3c357ccb9870ead

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
5d18d85cc877cb39c9abf7fd3c0110eb

SHA1
849e1d046140db2a78c26764a9291d13bf60ca2f

SHA256
b2bbe3201bd57f28a50ad18ac00097e210d21aafd3f7a7cc32fb908ae3318166

SHA512
d9b453ee72ecbcfb7a394182c74dc6ce961eb000467625c9a95d105f54f1068dcbe7aa129e1bc8d973a078a0f72c6cc53d5541bb5014cd761df8e5a5326720fc

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
647B

MD5
b94885355c09e58781884df4dc1ae5a0

SHA1
002e12bb2869ce3dc7a8227eb54b41d5a68f5f30

SHA256
e6926ccc2617d6a4a1f7d43ae96127c1b2967d9a8584746520a2954411c09aea

SHA512
4e5ac1e82ac0901db77fc75737d8749424f42b3076bd138e13406454347062d66254a39d095546db81eb20a8af105390106f1cd6074f5f20c1aefc7c3fc7b672

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
47e1a929820053a73d376cd6caed7d46

SHA1
9874d45b5b56abaa2798c5c6f4096917368fe80d

SHA256
8970938c3075a3bd0a77b0844b88b223648d5af3aed2ce478e236d282745a71d

SHA512
41431819b2b772177e82f2d1f374791fb95677fc6e2fc07509019385ded724a70f9617c3be52555765e4771bca3b3d464fbaf8e96a5c06ff22349437013e111b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
77c57bed3e8b3f6b807c1186fe20d38d

SHA1
1108cc948bf82375119aa902bc217548d3417a63

SHA256
6aec9f5efccddc0466e0c623cc05b95a8c564f0c1a4fe6995435a25318019109

SHA512
443557ddc26a4a1dcb878e09e94d058f2fb5ea2299e6d9463468d70636d3f22b95a48cbd14b2c2af88e7d2fc2f5796cb16c2c3a3052fb8e6f986b9963924265b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt

Filesize
13B

MD5
77c57bed3e8b3f6b807c1186fe20d38d

SHA1
1108cc948bf82375119aa902bc217548d3417a63

SHA256
6aec9f5efccddc0466e0c623cc05b95a8c564f0c1a4fe6995435a25318019109

SHA512
443557ddc26a4a1dcb878e09e94d058f2fb5ea2299e6d9463468d70636d3f22b95a48cbd14b2c2af88e7d2fc2f5796cb16c2c3a3052fb8e6f986b9963924265b

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\tlauncher-2.0.properties

Filesize
51B

MD5
15aadbe464ab9a98f8e8a5d639ce83a7

SHA1
5b78f8f3676d9187aef13969d5e7433cb320b38c

SHA256
4fc0f7705d23405b6cced4b289b7da4875c69594ff099a3f5b535fba2936eafb

SHA512
d3f9136d6e959fcd7f882fc6695c761703e104ea25769ceebd10f147772e3d33a3d1f5e6561d79bd4396a0222095d1f5f3dbfa568a454eead96d30bb18a7fe37

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-4246620582-653642754-1174164128-1000\83aa4cc77f591dfc2374580bbd95f6ba_26355f79-4f6c-4ae9-abeb-84bfcbb996ec

Filesize
45B

MD5
c8366ae350e7019aefc9d1e6e6a498c6

SHA1
5731d8a3e6568a5f2dfbbc87e3db9637df280b61

SHA256
11e6aca8e682c046c83b721eeb5c72c5ef03cb5936c60df6f4993511ddc61238

SHA512
33c980d5a638bfc791de291ebf4b6d263b384247ab27f261a54025108f2f85374b579a026e545f81395736dd40fa4696f2163ca17640dd47f1c42bc9971b18cd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
b780619509b9c7e3c639a0a2f31c3d87

SHA1
7dd0af81b023f6d317786f65d6a4ad09c66d3602

SHA256
171e9024171db6581449369c6d35448314cbbbd3bc8f5b71cc794d58f13fc1e8

SHA512
537d05b4401f31c1a0074a1da61e4eb6925a071a4db53bdca886f5df283c568e1f612455e97be232a5579a89e4f0a8303e5dc7d5638aa29c33c19b0b6ec27c3b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
b780619509b9c7e3c639a0a2f31c3d87

SHA1
7dd0af81b023f6d317786f65d6a4ad09c66d3602

SHA256
171e9024171db6581449369c6d35448314cbbbd3bc8f5b71cc794d58f13fc1e8

SHA512
537d05b4401f31c1a0074a1da61e4eb6925a071a4db53bdca886f5df283c568e1f612455e97be232a5579a89e4f0a8303e5dc7d5638aa29c33c19b0b6ec27c3b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
b780619509b9c7e3c639a0a2f31c3d87

SHA1
7dd0af81b023f6d317786f65d6a4ad09c66d3602

SHA256
171e9024171db6581449369c6d35448314cbbbd3bc8f5b71cc794d58f13fc1e8

SHA512
537d05b4401f31c1a0074a1da61e4eb6925a071a4db53bdca886f5df283c568e1f612455e97be232a5579a89e4f0a8303e5dc7d5638aa29c33c19b0b6ec27c3b

Download Submit
memory/1388-177-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1764-179-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1764-156-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1948-222-0x00000000027A0000-0x00000000037A0000-memory.dmp

Filesize
16.0MB

Download
memory/2532-151-0x00000000009E0000-0x0000000000DC8000-memory.dmp

Filesize
3.9MB

Download
memory/2532-160-0x00000000009E0000-0x0000000000DC8000-memory.dmp

Filesize
3.9MB

Download
memory/2556-162-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/3120-274-0x00000000030B0000-0x00000000040B0000-memory.dmp

Filesize
16.0MB

Download
memory/3972-178-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/4324-237-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-205-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-249-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-250-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-233-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-241-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-245-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-247-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-235-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-239-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-238-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-248-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-246-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-244-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-229-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4324-231-0x0000000002930000-0x0000000003930000-memory.dmp

Filesize
16.0MB

Download
memory/4580-140-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4580-199-0x0000000000300000-0x00000000006E8000-memory.dmp

Filesize
3.9MB

Download
memory/4580-137-0x0000000000300000-0x00000000006E8000-memory.dmp

Filesize
3.9MB

Download
memory/4580-142-0x0000000000300000-0x00000000006E8000-memory.dmp

Filesize
3.9MB

Download
memory/4580-141-0x0000000006590000-0x0000000006593000-memory.dmp

Filesize
12KB

Download
memory/4620-183-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/4620-167-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/4900-301-0x00000000028D0000-0x00000000038D0000-memory.dmp

Filesize
16.0MB

Download
memory/4936-325-0x0000000002690000-0x0000000003690000-memory.dmp

Filesize
16.0MB

Download
memory/4980-311-0x0000000003440000-0x0000000004440000-memory.dmp

Filesize
16.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads