318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

Analysis

max time kernel
144s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
04/02/2023, 16:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6-global.exe
Size

23.6MB
MD5

7a4472a78d0651e11d20aa08e43cc045
SHA1

aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256

318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512

c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
SSDEEP

393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score

8^/10

discovery upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	TLauncher-2.871-Installer-1.0.6-global.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4246620582-653642754-1174164128-1000\Control Panel\International\Geo\Nation	irsetup.exe

Executes dropped EXE 4 IoCs

pid	Process
1688	irsetup.exe
3860	AdditionalExecuteTL.exe
1704	irsetup.exe
4112	opera-installer-bro.exe

Loads dropped DLL 4 IoCs

pid	Process
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
1704	irsetup.exe

UPX packed file 18 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0002000000022662-133.dat	upx
behavioral2/files/0x0002000000022662-134.dat	upx
behavioral2/memory/1688-137-0x00000000003F0000-0x00000000007D8000-memory.dmp	upx
behavioral2/memory/1688-142-0x00000000003F0000-0x00000000007D8000-memory.dmp	upx
behavioral2/files/0x0003000000000729-148.dat	upx
behavioral2/files/0x0003000000000729-149.dat	upx
behavioral2/memory/1704-152-0x0000000000930000-0x0000000000D18000-memory.dmp	upx
behavioral2/files/0x0002000000022b09-156.dat	upx
behavioral2/files/0x0002000000022b09-155.dat	upx
behavioral2/files/0x0002000000022b09-159.dat	upx
behavioral2/files/0x0006000000023294-164.dat	upx
behavioral2/memory/1704-165-0x0000000000930000-0x0000000000D18000-memory.dmp	upx
behavioral2/memory/664-168-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/files/0x0002000000022b09-173.dat	upx
behavioral2/files/0x0002000000022b09-170.dat	upx
behavioral2/memory/2428-166-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/files/0x0006000000023294-163.dat	upx
behavioral2/memory/4112-162-0x0000000000400000-0x0000000000947000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
1688	irsetup.exe
3860	AdditionalExecuteTL.exe
1704	irsetup.exe
1704	irsetup.exe
1704	irsetup.exe
4112	opera-installer-bro.exe

Suspicious use of WriteProcessMemory 12 IoCs

description	pid	Process	procid_target
PID 4848 wrote to memory of 1688	4848	TLauncher-2.871-Installer-1.0.6-global.exe	83
PID 4848 wrote to memory of 1688	4848	TLauncher-2.871-Installer-1.0.6-global.exe	83
PID 4848 wrote to memory of 1688	4848	TLauncher-2.871-Installer-1.0.6-global.exe	83
PID 1688 wrote to memory of 3860	1688	irsetup.exe	94
PID 1688 wrote to memory of 3860	1688	irsetup.exe	94
PID 1688 wrote to memory of 3860	1688	irsetup.exe	94
PID 3860 wrote to memory of 1704	3860	AdditionalExecuteTL.exe	95
PID 3860 wrote to memory of 1704	3860	AdditionalExecuteTL.exe	95
PID 3860 wrote to memory of 1704	3860	AdditionalExecuteTL.exe	95
PID 1704 wrote to memory of 4112	1704	irsetup.exe	96
PID 1704 wrote to memory of 4112	1704	irsetup.exe	96
PID 1704 wrote to memory of 4112	1704	irsetup.exe	96

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-4246620582-653642754-1174164128-1000"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1688
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3860
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-4246620582-653642754-1174164128-1000"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1704
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4112
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f57e428,0x6f57e438,0x6f57e444
        6⤵
        
        PID:2428
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        
        PID:664
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4112 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230204174912" --session-guid=e05cf596-a14b-429d-a8f6-c087158a462a --server-tracking-blob=Mzk5NzQ4Y2Y3MzRiYTQxNjdkNTQ2Yzg5ZWU3NWYwYjYyY2NiMmU4ZWU1OGVkYTEzN2VmYjk5NzM0NDU2N2RmYjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzU1MjkzNTEuNTA1NyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMjBiNDhlOTYtZjYxNC00M2YzLWJkMDYtZjJmM2JiMmIyODY0In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=8405000000000000
        6⤵
        
        PID:1300
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6ea5e428,0x6ea5e438,0x6ea5e444
        7⤵
        
        PID:4072

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
570a1c546824166fb3c177c773629737

SHA1
db8cd214efba988d4e32bb8115ad4b7aae2c14e7

SHA256
12fb880a046d91c209588ed155147d84958042a4ab20b2c84dcd31891ac6a840

SHA512
f8e2c755bfd47f01d938af797a72b7f6998f2bb9d3ea87e894dc3e7d52126efeb9e8ee2bb803d12cb64ee5c6d8faabc37f1ef390551f5fde2f16afddaea3bab8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
8afe076f52ee3249013e0f23167f1361

SHA1
52b9c6dac2f8bda980e7b8fb9eb51a47aef6c068

SHA256
af2475fe8feb8b39354ea43874522dccaa9a541a67a8ccfd6ff6f08f0f9328aa

SHA512
1d3456a4973ef24d010fdd3382fd6fa10960546f81054029d37fd07b1153f9742aa7670948593b65f4f59b11aaece518dfe2c8905c8dd5d9b074c9cb7fc79e66

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302041749108284112.dll

Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302041749110942428.dll

Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230204174911813664.dll

Filesize
4.1MB

MD5
7272d87f38d5ba750b960216e7e05e25

SHA1
6175c4afcf9c45833b5f1228ffc3b6d7635db7bd

SHA256
3a6cb572e6f19a8d4caf72e9fc40d6ceb492a05dc2ec06b052929392a5df1b7c

SHA512
e599ff9d6037163322b2db873adcde1e26c901cc5b3a6c28f4a051e8d39bdd7554a3531094aeab1ec7daf802842f61887dc456ee23d4756e5ff008dcb834dc7d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302041749122681300.dll

Filesize
3.8MB

MD5
c59e3ccb252532dfe0f859422000ce23

SHA1
d35759583769b2da9e8d842a13619b640dbabbba

SHA256
97c95a0e59159f3c18f8fb5c36b9617f46efef38d8237931fad72aaa16ff967c

SHA512
6ea233497c70df3e09575a5bf324c8dec2fb6312d60fe260241199a65495b3ef8d53925a7e45b53077e5e265590a067c00cb8b94ec1f8a1dbbd454b0ef2f76f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302041749124224072.dll

Filesize
3.6MB

MD5
ddbe4888783a7045919df81f24af516a

SHA1
7c631a0639ed8514e269210cb6eb7475cd5cf3d4

SHA256
1bb65773f12bc0c112fb128cf81aac38393468de6eb30ee317db1b131efbc503

SHA512
430d6ce4e8721cf2ab10baa49a4df2890c30c67a9c603415dda4f9985e7d49f5bd1100c0695fb67b804f5dc9b71c674b15b43351972c085b0577838aee19a8f9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
d3116439c9c8c44460f0b1471741a550

SHA1
3e480ab1017bc4560adfe7f3f78df8e2d0808572

SHA256
b4876636967d60bc139365cfeb7f98d56932a798e1a589235a792ebf7322d050

SHA512
8ee8466cea987b56a3ffb903570e39962bea14aa18b10270e1f7dea473a8eea96e3a8bc71eedbcd809ea1435a079b9c1f711200c96efbab5429142a97b012c89

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
647B

MD5
c16b231a04cd9cc1046b4c66eb2ac854

SHA1
1731d89bb8edc4de18331fcb46b9b60798361545

SHA256
3815cdc4ec7672d341c49105f02612be2c41eee4edc3f56287633572c453d2d6

SHA512
de71697d8e227aa8a1e8d29ea54a2dc2567338bbea7ca99e1eb626867cc010a00236cbbacbb0daf774a8d3e16ddd169d0252c155d71e36e12447e393a7173c40

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
2ee22d8670e0d751e6cc6f9d1f881254

SHA1
885cf6c9d673453c14d85eebeda210050d5f0126

SHA256
48834179f0452ee0285d2164e6bcf6a9f479140280565557f64598b470d257c9

SHA512
40e7a7430b31e3ca216fe1cbcb0c9f95a3b45901123b2156e35d92f43a7332adb9297f03a059bd5399a5bae96f4808d4893270056017a74e84df3c356fe8d62b

Download Submit
memory/664-168-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/1688-143-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1688-137-0x00000000003F0000-0x00000000007D8000-memory.dmp

Filesize
3.9MB

Download
memory/1688-142-0x00000000003F0000-0x00000000007D8000-memory.dmp

Filesize
3.9MB

Download
memory/1688-141-0x00000000064F0000-0x00000000064F3000-memory.dmp

Filesize
12KB

Download
memory/1688-140-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1704-152-0x0000000000930000-0x0000000000D18000-memory.dmp

Filesize
3.9MB

Download
memory/1704-165-0x0000000000930000-0x0000000000D18000-memory.dmp

Filesize
3.9MB

Download
memory/2428-166-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4112-162-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download