7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

Analysis

max time kernel
19s
max time network
32s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
06-02-2023 19:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6.exe
Size

23.7MB
MD5

49fb0f13cdb8d7cad1487889b6becced
SHA1

b71d98ec45e6f7314f0e33106485beef99b2ee7c
SHA256

7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3
SHA512

639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9
SSDEEP

393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score

8^/10

discovery spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-2.871-Installer-1.0.6.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	TLauncher-2.871-Installer-1.0.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	irsetup.exe

Executes dropped EXE 7 IoCs

Processes:

irsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
3084	irsetup.exe
4944	AdditionalExecuteTL.exe
4700	irsetup.exe
2240	opera-installer-bro.exe
5108	opera-installer-bro.exe
788	opera-installer-bro.exe
3920	opera-installer-bro.exe

Loads dropped DLL 7 IoCs

Processes:

irsetup.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
4700	irsetup.exe
2240	opera-installer-bro.exe
5108	opera-installer-bro.exe
788	opera-installer-bro.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 17 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/3084-137-0x0000000000740000-0x0000000000B28000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral1/memory/3084-146-0x0000000000740000-0x0000000000B28000-memory.dmp	upx
behavioral1/memory/4700-152-0x0000000000CE0000-0x00000000010C8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/2240-156-0x0000000000400000-0x0000000000947000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
behavioral1/memory/788-165-0x0000000000400000-0x0000000000947000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/3920-172-0x0000000000400000-0x0000000000947000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 1 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

opera-installer-bro.exe

description ioc process

File opened (read-only) \??\D: opera-installer-bro.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\D:	opera-installer-bro.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

irsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
3084	irsetup.exe
4944	AdditionalExecuteTL.exe
4700	irsetup.exe
4700	irsetup.exe
4700	irsetup.exe
2240	opera-installer-bro.exe
5108	opera-installer-bro.exe
788	opera-installer-bro.exe
3920	opera-installer-bro.exe

Suspicious use of WriteProcessMemory 21 IoCs

Processes:

TLauncher-2.871-Installer-1.0.6.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exe

description	pid	process	target process
PID 2348 wrote to memory of 3084	2348	TLauncher-2.871-Installer-1.0.6.exe	irsetup.exe
PID 2348 wrote to memory of 3084	2348	TLauncher-2.871-Installer-1.0.6.exe	irsetup.exe
PID 2348 wrote to memory of 3084	2348	TLauncher-2.871-Installer-1.0.6.exe	irsetup.exe
PID 3084 wrote to memory of 4944	3084	irsetup.exe	AdditionalExecuteTL.exe
PID 3084 wrote to memory of 4944	3084	irsetup.exe	AdditionalExecuteTL.exe
PID 3084 wrote to memory of 4944	3084	irsetup.exe	AdditionalExecuteTL.exe
PID 4944 wrote to memory of 4700	4944	AdditionalExecuteTL.exe	irsetup.exe
PID 4944 wrote to memory of 4700	4944	AdditionalExecuteTL.exe	irsetup.exe
PID 4944 wrote to memory of 4700	4944	AdditionalExecuteTL.exe	irsetup.exe
PID 4700 wrote to memory of 2240	4700	irsetup.exe	opera-installer-bro.exe
PID 4700 wrote to memory of 2240	4700	irsetup.exe	opera-installer-bro.exe
PID 4700 wrote to memory of 2240	4700	irsetup.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 5108	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 5108	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 5108	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 788	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 788	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 788	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 3920	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 3920	2240	opera-installer-bro.exe	opera-installer-bro.exe
PID 2240 wrote to memory of 3920	2240	opera-installer-bro.exe	opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2348

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-2971393436-602173351-1645505021-1000"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3084

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4944

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2971393436-602173351-1645505021-1000"
4⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4700

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2240

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f8de428,0x6f8de438,0x6f8de444
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5108

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:788

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2240 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230206200225" --session-guid=ac9cd729-fd3e-40d6-98a0-cf6f9cd12419 --server-tracking-blob=Nzc1ODIxMmE2NWRmYzc1M2VkZTM0ZjI2M2YzZGY2OGZiMmIxZThmYzJlNDcyM2E5ZmZkMjhjYmMzMTA4YWRmYzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzU3MTAxNDQuNjY2MiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZjVkN2I0NzYtNmNjMy00Zjc5LWEwZDItYTI5ZmYxMjJhM2Q5In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=C005000000000000
6⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3920

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6edbe428,0x6edbe438,0x6edbe444
7⤵
PID:3960

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials in Files

T1081

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Data from Local System

T1005

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
3dafab4edf63fd8fddf39bc590c0d564

SHA1
f8c6aafd9c9cfcb1d1e98be8dd0d9aa543aab316

SHA256
acaa2644dbba359eb70b0f0cf46054e17a2cd94b9edcd84566b25451fcab78bc

SHA512
89233bd5215ab8637f71d3bd0b5acb13ec75381e49165875b32d589b9ead7ae483ed777e3717d12c7d80dafeffff49f2439c1e163c93519b899af56b7c5b86cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
a27ec3bea0a8e0032a54dbd852d14c0b

SHA1
7797f25d87523ee640b1e5a5a4f1dd3d16e7cba1

SHA256
ac74462c135d766c15fbbf72f4b1deb9d1b5d24ee6e6f247bb466b358d465566

SHA512
28f41725e36928d966ca7945fdf987a8517309c5c7a303d7a642dc14001957a06166fbb032641b172c369bccfc95aec83572623ccdca630059b37c9ee7da9b4f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062002230522240.dll
Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062002244275108.dll
Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230206200225380788.dll
Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062002261623920.dll
Filesize
4.6MB

MD5
914ec7fb3d69e977440248ef30323636

SHA1
2aa31e599769f34d0cb6e979947ca5728db9b009

SHA256
528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

SHA512
ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062002320683960.dll
Filesize
640KB

MD5
fd3a7d33eaa5a56cef0aca6e82225b80

SHA1
3e01213a28626fa1599e9bb43cb74192dd5625de

SHA256
5c581cbb6025e85d0ac6e065f853c6688f0003ebbe1ac90c6805b74d8f7dff32

SHA512
be78205d476203b63cab6ae45fbff126e1e999245106dab73d0db5796f60f9f8c5e20f5493d8990baed874c532080c2df2f185ebe9374e0c16c66cb445a145d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
931830167cd13499228b7d83c46ca74c

SHA1
2391ed6d122c06acef8249f08c0e5d494556f6a5

SHA256
4eb582029854a6ac8e8742c7535db2f127471461479eee34d659177026cdb0da

SHA512
05f112ad007703ef2a0fb0776a5ff60df38d153a8e5be2d03b65274358cc013de53295d2822ebbc7adfd1adc93d3e5d6de6492073c9380bd00aa121c9e2437b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
Filesize
645B

MD5
2b8668c70ff81539d87b60a67f4db74b

SHA1
1b0e6d753878ac7b6973a52e5f0ef290f893e05f

SHA256
fde878ab9cdab072e39700a61799a26e0abaa4534b8907b25edbece36ff76e81

SHA512
9adacc89f3be1da9dd3f28d737011153238afb5a65aac8cf30b8ccf531392e77d0e70e5540173f091dc6c6ac10243f25dd2c0e2ba3cef87e1b47e9c9a9331cbe

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
8c3a9d664a40b41e72ebeeb915007cfc

SHA1
5c22897ce6d42ad4f54dff2d97c0555fee7596ad

SHA256
3b466a03c96215ebb4839f7f5c0b46385e30e6e208bb2e490b56039bef22c9aa

SHA512
b33aa4b58856120f17f1b6b65e2b1da849c7c7bfe3cb4310fb78543e1091bcafa31afd10c828023c30c29869b138629ba50e98a2f23feb023f04442f6d34a21d

Download Submit
memory/788-165-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/788-161-0x0000000000000000-mapping.dmp

Download
memory/2240-156-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/2240-153-0x0000000000000000-mapping.dmp

Download
memory/3084-140-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/3084-141-0x0000000006E50000-0x0000000006E53000-memory.dmp

Filesize
12KB

Download
memory/3084-146-0x0000000000740000-0x0000000000B28000-memory.dmp

Filesize
3.9MB

Download
memory/3084-137-0x0000000000740000-0x0000000000B28000-memory.dmp

Filesize
3.9MB

Download
memory/3084-132-0x0000000000000000-mapping.dmp

Download
memory/3920-166-0x0000000000000000-mapping.dmp

Download
memory/3920-172-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/3960-171-0x0000000000000000-mapping.dmp

Download
memory/4700-145-0x0000000000000000-mapping.dmp

Download
memory/4700-152-0x0000000000CE0000-0x00000000010C8000-memory.dmp

Filesize
3.9MB

Download
memory/4944-142-0x0000000000000000-mapping.dmp

Download
memory/5108-158-0x0000000000000000-mapping.dmp

Download