318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

Resubmissions

01-02-2023 00:47

230201-a5n2xsbb55 8

01-02-2023 00:43

230201-a29jfsda7t 8

Analysis

max time kernel
86s
max time network
144s
platform
windows7_x64
resource
win7-20220812-en
resource tags

arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
submitted
01-02-2023 00:43

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6-global.exe
Size

23.6MB
MD5

7a4472a78d0651e11d20aa08e43cc045
SHA1

aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256

318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512

c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
SSDEEP

393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 18 IoCs

pid	Process
916	irsetup.exe
580	AdditionalExecuteTL.exe
1416	irsetup.exe
964	opera-installer-bro.exe
1968	opera-installer-bro.exe
1536	opera-installer-bro.exe
1908	opera-installer-bro.exe
1448	opera-installer-bro.exe
1676	_sfx.exe
1044	assistant_installer.exe
1720	assistant_installer.exe
268	jre-windows.exe
1612	jre-windows.exe
1392	installer.exe
1032	installer.exe
848	launcher.exe
1464	opera.exe
2100	opera_crashreporter.exe

UPX packed file 41 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x00090000000139f7-55.dat	upx
behavioral1/files/0x00090000000139f7-58.dat	upx
behavioral1/files/0x00090000000139f7-57.dat	upx
behavioral1/files/0x00090000000139f7-56.dat	upx
behavioral1/files/0x00090000000139f7-60.dat	upx
behavioral1/files/0x00090000000139f7-64.dat	upx
behavioral1/memory/916-67-0x0000000000BD0000-0x0000000000FB8000-memory.dmp	upx
behavioral1/memory/916-72-0x0000000000BD0000-0x0000000000FB8000-memory.dmp	upx
behavioral1/files/0x00090000000139f7-73.dat	upx
behavioral1/files/0x000400000001cb60-83.dat	upx
behavioral1/files/0x000400000001cb60-86.dat	upx
behavioral1/files/0x000400000001cb60-85.dat	upx
behavioral1/files/0x000400000001cb60-84.dat	upx
behavioral1/files/0x000400000001cb60-88.dat	upx
behavioral1/files/0x000400000001cb60-92.dat	upx
behavioral1/memory/1416-98-0x0000000001230000-0x0000000001618000-memory.dmp	upx
behavioral1/files/0x000400000001cb60-99.dat	upx
behavioral1/files/0x000500000001cb7a-100.dat	upx
behavioral1/files/0x000500000001cb7a-101.dat	upx
behavioral1/files/0x000500000001cb7a-103.dat	upx
behavioral1/files/0x000500000001cb7a-102.dat	upx
behavioral1/files/0x000500000001cb7a-107.dat	upx
behavioral1/files/0x000500000001cb7a-114.dat	upx
behavioral1/files/0x000500000001cb7a-113.dat	upx
behavioral1/files/0x000500000001cb7a-116.dat	upx
behavioral1/files/0x000400000001dba8-119.dat	upx
behavioral1/files/0x000400000001dba8-121.dat	upx
behavioral1/memory/1416-123-0x0000000001230000-0x0000000001618000-memory.dmp	upx
behavioral1/memory/1536-125-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/964-126-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/files/0x000500000001cb7a-127.dat	upx
behavioral1/files/0x000500000001cb7a-130.dat	upx
behavioral1/memory/1968-132-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/files/0x000500000001cb7a-135.dat	upx
behavioral1/files/0x000500000001cb7a-137.dat	upx
behavioral1/memory/1908-145-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/1448-147-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/1908-188-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/1448-192-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/964-194-0x0000000000400000-0x0000000000908000-memory.dmp	upx
behavioral1/memory/1968-196-0x0000000000400000-0x0000000000908000-memory.dmp	upx

Loads dropped DLL 63 IoCs

pid	Process
1844	TLauncher-2.871-Installer-1.0.6-global.exe
1844	TLauncher-2.871-Installer-1.0.6-global.exe
1844	TLauncher-2.871-Installer-1.0.6-global.exe
1844	TLauncher-2.871-Installer-1.0.6-global.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
580	AdditionalExecuteTL.exe
580	AdditionalExecuteTL.exe
580	AdditionalExecuteTL.exe
580	AdditionalExecuteTL.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
964	opera-installer-bro.exe
964	opera-installer-bro.exe
1968	opera-installer-bro.exe
964	opera-installer-bro.exe
1536	opera-installer-bro.exe
964	opera-installer-bro.exe
1908	opera-installer-bro.exe
1908	opera-installer-bro.exe
1448	opera-installer-bro.exe
964	opera-installer-bro.exe
964	opera-installer-bro.exe
964	opera-installer-bro.exe
964	opera-installer-bro.exe
1044	assistant_installer.exe
1908	opera-installer-bro.exe
1908	opera-installer-bro.exe
916	irsetup.exe
268	jre-windows.exe
1908	opera-installer-bro.exe
1392	installer.exe
1392	installer.exe
1032	installer.exe
1392	installer.exe
1360	Process not Found
1360	Process not Found
1360	Process not Found
1360	Process not Found
1360	Process not Found
1360	Process not Found
1360	Process not Found
1360	Process not Found
1392	installer.exe
848	launcher.exe
1464	opera.exe
1360	Process not Found
1464	opera.exe
1464	opera.exe
1464	opera.exe
1464	opera.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	installer.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000\Software\Microsoft\Internet Explorer\Main	jre-windows.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\ddeexec\Application	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\ddeexec\Application\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.xhtml\ = "OperaStable"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.opdownload	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.opdownload\ = "OperaStable"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.opdownload\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.htm\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.html	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec\Topic\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\ddeexec\Application	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.pdf\OpenWithProgIDs	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe,0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\URL Protocol	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\ddeexec\Topic\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.htm	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec\Topic	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\ddeexec\Topic\	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.pdf\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\DefaultIcon	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe,0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.shtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\Applications	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\DefaultIcon	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\ddeexec\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.html\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.shtml\OpenWithProgIDs	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.shtml\ = "OperaStable"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.pdf	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.xhtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.xht\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\Applications\opera.exe\shell	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\URL Protocol	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.html\ = "OperaStable"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\EditFlags = "2"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\DefaultIcon	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable\shell\open\ddeexec\Topic	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\Applications\opera.exe\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\ftp\shell\open\ddeexec\Topic	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\OperaStable	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.xhtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\Applications\opera.exe\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\command	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\EditFlags = "2"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\ddeexec\Application	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\http\shell\open\ddeexec\Application\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\https\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2292972927-2705560509-2768824231-1000_CLASSES\.htm\ = "OperaStable"	installer.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
916	irsetup.exe
1416	irsetup.exe
1416	irsetup.exe
1612	jre-windows.exe
1612	jre-windows.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 1844 wrote to memory of 916	1844	TLauncher-2.871-Installer-1.0.6-global.exe	27
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 916 wrote to memory of 580	916	irsetup.exe	30
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 580 wrote to memory of 1416	580	AdditionalExecuteTL.exe	31
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 1416 wrote to memory of 964	1416	irsetup.exe	32
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1968	964	opera-installer-bro.exe	33
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1536	964	opera-installer-bro.exe	35
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 964 wrote to memory of 1908	964	opera-installer-bro.exe	36
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 1908 wrote to memory of 1448	1908	opera-installer-bro.exe	37
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1676	964	opera-installer-bro.exe	39
PID 964 wrote to memory of 1044	964	opera-installer-bro.exe	40

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1844
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:916
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:580
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1416
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies system certificate store
        Suspicious use of WriteProcessMemory
        
        PID:964
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x714a8658,0x714a8668,0x714a8674
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1968
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1536
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=964 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230201014428" --session-guid=d8c16aaa-3f2c-419a-afc4-b8d5b384b388 --server-tracking-blob=ZjlkZTYwOTYwNmQwMWRlMjJlYjA2YjgyMDY4Y2JkMjNkMTBkYjA5NzgzNWVhYTExYzhmMzE5ZTg5YWZmNDJlZjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyMTIyNjMuOTk2NiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiYTVhZjhiY2EtYmYwZS00ZjA2LWIxMzMtZDUwYjExNWZlMjM4In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1403000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of WriteProcessMemory
        
        PID:1908
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70a88658,0x70a88668,0x70a88674
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe" --backend --initial-pid=964 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281" --session-guid=d8c16aaa-3f2c-419a-afc4-b8d5b384b388 --server-tracking-blob=ZjlkZTYwOTYwNmQwMWRlMjJlYjA2YjgyMDY4Y2JkMjNkMTBkYjA5NzgzNWVhYTExYzhmMzE5ZTg5YWZmNDJlZjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyMTIyNjMuOTk2NiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiYTVhZjhiY2EtYmYwZS00ZjA2LWIxMzMtZDUwYjExNWZlMjM4In0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.76
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies registry class
        
        PID:1392
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef6702c98,0x7fef6702ca8,0x7fef6702cb8
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1032
        
        C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:848
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        
        PID:1464
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feef60c490,0x7feef60c4a0,0x7feef60c4b0
        10⤵
        Executes dropped EXE
        
        PID:2100
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1076 --field-trial-handle=1252,i,17255632522827407857,4961816244031349717,131072 /prefetch:2
        10⤵
        
        PID:2324
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\_sfx.exe"
        6⤵
        Executes dropped EXE
        
        PID:1676
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1044
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xb42dc0,0xb42dd0,0xb42ddc
        7⤵
        Executes dropped EXE
        
        PID:1720
- - C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
    "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:268
  - - C:\Users\Admin\AppData\Local\Temp\jds7156857.tmp\jre-windows.exe
      "C:\Users\Admin\AppData\Local\Temp\jds7156857.tmp\jre-windows.exe" "STATIC=1"
      4⤵
      Executes dropped EXE
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1612

C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
1⤵
PID:2404
- C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feef60c490,0x7feef60c4a0,0x7feef60c4b0
  2⤵
  PID:2432
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1092 --field-trial-handle=1204,i,3939142111084254805,12633887862589323096,131072 /prefetch:2
  2⤵
  PID:2580
- C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
  2⤵
  PID:2796
- - C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
    C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fbbab38,0x13fbbab48,0x13fbbab58
    3⤵
    PID:2816

C:\Windows\system32\taskeng.exe
taskeng.exe {B6B58CDC-DFD3-448E-B04F-B85CB2FCE9BE} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
1⤵
PID:2916
- C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.76 --newautoupdaterlogic
  2⤵
  PID:2980
- - C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
    3⤵
    PID:2080

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
9cbb254ca8da5a4099c66d7dce2d69de

SHA1
3f328e1410c5c4ea2fa2b387dbef7c6479ea258c

SHA256
f6cad04bfeb909acd5c89c6137fd33b267fa2e021553b3515c82e9d7cfb3fc58

SHA512
93fe3387c563d18ea2f9cb96f1d868d1d5a26c0490126242279a6f39a2df53311fc9806ee14b4b0301195a17dd75abc318695aa0a328330820e8fc20b6fed4a4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
340B

MD5
48d119a09decae2c1798b08ef0774040

SHA1
605de81d6ca7ef2c7430086df0e75f0f7f13c959

SHA256
a46f2d0a6154f99589d1021d975b410323612cfb0d92741d1bda28b50c9d39e0

SHA512
1be9023999379e77b8bce57c79ff1e98c4eca21bc2b4d1be9221253b220b308dac47b5f071a112d53e5485fe38a912ca2297593fc3110c4dee9b55622f5a3182

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
5b0d89a2a8ecd2e242d42c1a5f001555

SHA1
6e838fe2106d0791d08f26a127af607ad1c3cb1e

SHA256
b38d0ddac7ae096b8595f5b0f176ea604533f871040f2876dcd101ede16a4686

SHA512
b10a1c53638b03ca433532709d8cb5776a8b43e8de91dcffde3c4515c978461ee6b0e64a731d00013d563f57b3a01424ff82cf289f96f6b48ea780628618470b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
12556eb0bc58d1967161fba9402eb397

SHA1
cbc5b4e0a9374abd7ee93fca0f6d007308fdd25b

SHA256
ed173b878828166c2271a84abb12d5fa4e250a0485f010943463f459d5d0b9f5

SHA512
dc24cbd41bee2faa0edac49e9f1254af8d52440cb7adb3534c10b5c53102e7694c3f64bb58f55afd6a18da026a866e75d0e312004cc56333ada6137611a6fb23

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
602B

MD5
a8ce36b26dc26dee2ce636806f6ef6da

SHA1
cdb5144c3a8d9af9722cbd73cdd35146e839cc1e

SHA256
1da7bff55479e5ebe75ce742f05a8a24969056c3bdf9b5dac071581cfb67d469

SHA512
1bf64beeca1cded7ad9389e40592a2ab6f292ab42748d214e97b8d26abceab1cf281e410ed2646b1855f6cbcb17867dc96e82873c60aa083632903320c9bdd77

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
96ca8d9c659023c443384f284616b464

SHA1
581ac02d7800fd94f5110679022943a654c2c7f4

SHA256
5d6e07739ffcc99437057d36f463138c3915036bbd911d5247f13e7b972caaa6

SHA512
0d65cca6b2f87418b2616df45d652c582bb4f57ca6a989b417ee9b749b586fd1234a64b52b51b6a75c934339e8e99db31407cc5eaa59555e5d6bb0e123603f98

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\opera_package

Filesize
86.7MB

MD5
038275aad393989e8c0b6634da083fc7

SHA1
65b4ebd22a289935b71d41077a06eeda11eed154

SHA256
ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

SHA512
2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010144281\opera_package

Filesize
86.7MB

MD5
038275aad393989e8c0b6634da083fc7

SHA1
65b4ebd22a289935b71d41077a06eeda11eed154

SHA256
ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

SHA512
2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230201014426435964.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302010144274341968.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302010144279331536.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302010144309121908.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2302010144321451448.dll

Filesize
4.3MB

MD5
832ae69091fba73338df9103db4f8be1

SHA1
d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

SHA256
191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

SHA512
b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
b58b3f896d028778df3528a3ff6e8967

SHA1
506be618807c061e1de17eff2c0896bce84c2383

SHA256
d5b7e4c851ee2dd80ab3058cee38f2e87e868b8a7f3ab35e54a112a6546de2bd

SHA512
4cf5ab25244c9549a66a366f48108c94b51552b5f14d752978dc726c4d314ae0f18ca90c29d00a44b07f8f84ba99dd494f75b803722df964cf4026833c09a10f

Download Submit
memory/580-96-0x0000000002B00000-0x0000000002EE8000-memory.dmp

Filesize
3.9MB

Download
memory/580-97-0x0000000002B00000-0x0000000002EE8000-memory.dmp

Filesize
3.9MB

Download
memory/916-70-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/916-148-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

Filesize
64KB

Download
memory/916-72-0x0000000000BD0000-0x0000000000FB8000-memory.dmp

Filesize
3.9MB

Download
memory/916-77-0x0000000004BA0000-0x0000000004BB0000-memory.dmp

Filesize
64KB

Download
memory/916-71-0x0000000000AE0000-0x0000000000B0C000-memory.dmp

Filesize
176KB

Download
memory/916-67-0x0000000000BD0000-0x0000000000FB8000-memory.dmp

Filesize
3.9MB

Download
memory/964-144-0x0000000003770000-0x0000000003C78000-memory.dmp

Filesize
5.0MB

Download
memory/964-126-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/964-129-0x0000000002960000-0x0000000002E68000-memory.dmp

Filesize
5.0MB

Download
memory/964-133-0x0000000003470000-0x0000000003978000-memory.dmp

Filesize
5.0MB

Download
memory/964-157-0x0000000003770000-0x0000000003C78000-memory.dmp

Filesize
5.0MB

Download
memory/964-155-0x0000000002960000-0x0000000002E68000-memory.dmp

Filesize
5.0MB

Download
memory/964-194-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1416-105-0x0000000000DE0000-0x0000000000DF0000-memory.dmp

Filesize
64KB

Download
memory/1416-123-0x0000000001230000-0x0000000001618000-memory.dmp

Filesize
3.9MB

Download
memory/1416-111-0x0000000005740000-0x0000000005C48000-memory.dmp

Filesize
5.0MB

Download
memory/1416-110-0x0000000005740000-0x0000000005C48000-memory.dmp

Filesize
5.0MB

Download
memory/1416-109-0x0000000005740000-0x0000000005C48000-memory.dmp

Filesize
5.0MB

Download
memory/1416-98-0x0000000001230000-0x0000000001618000-memory.dmp

Filesize
3.9MB

Download
memory/1416-106-0x0000000005740000-0x0000000005C48000-memory.dmp

Filesize
5.0MB

Download
memory/1448-192-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1448-147-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1464-193-0x0000000002A40000-0x0000000002A50000-memory.dmp

Filesize
64KB

Download
memory/1536-125-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1612-171-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

Filesize
8KB

Download
memory/1844-65-0x0000000002AF0000-0x0000000002ED8000-memory.dmp

Filesize
3.9MB

Download
memory/1844-66-0x0000000002AF0000-0x0000000002ED8000-memory.dmp

Filesize
3.9MB

Download
memory/1844-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

Filesize
8KB

Download
memory/1908-145-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1908-146-0x00000000029F0000-0x0000000002EF8000-memory.dmp

Filesize
5.0MB

Download
memory/1908-188-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1968-132-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download
memory/1968-196-0x0000000000400000-0x0000000000908000-memory.dmp

Filesize
5.0MB

Download

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v6

Replay Monitor

Loading Replay Monitor...

Downloads