bazarbackdoor | db4104e1c6b9e7f82b97ce171a0196aa52a2a05733ba078ba636a8d563448b93

Analysis

max time kernel
150s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
12-03-2023 02:23

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

$R2I9WIQ.exe
Size

21.6MB
MD5

3fd4f4a37bb70740e1121d42f4d65777
SHA1

b869dc12cab4d24d8576e3d0e9802ab07c13b78c
SHA256

db4104e1c6b9e7f82b97ce171a0196aa52a2a05733ba078ba636a8d563448b93
SHA512

fa1e89512677062995d84df4e6fca7fc3535a64e0b2fdbec128d72a3c0abd9d1f4f62e084d0bdeeffc92cc3c546ddb4c0b2778b149e25f00a655d9b375918fd4
SSDEEP

393216:+Xw7T+J/n8IPfs/dQETVlOBbpFEj9GZdqV56Hpk7IXOzDnKI17fyVn:+gv+V8aHExiTTqqHp6zvKcfyVn

Score

10^/10

bazarbackdoor backdoor discovery spyware stealer upx

Malware Config

Signatures

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Bazar/Team9 Backdoor payload 5 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe	BazarBackdoorVar3
\Users\Admin\AppData\Local\Temp\jre-windows.exe	BazarBackdoorVar3
\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe	BazarBackdoorVar3
C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe	BazarBackdoorVar3
C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe	BazarBackdoorVar3

Downloads MZ/PE file

Executes dropped EXE 13 IoCs

Processes:

irsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exejre-windows.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
1468	irsetup.exe
1236	AdditionalExecuteTL.exe
1216	irsetup.exe
1972	opera-installer-bro.exe
1476	opera-installer-bro.exe
452	opera-installer-bro.exe
620	opera-installer-bro.exe
1216	opera-installer-bro.exe
744	jre-windows.exe
1904	jre-windows.exe
1420	_sfx.exe
1888	assistant_installer.exe
1772	assistant_installer.exe

Loads dropped DLL 41 IoCs

Processes:

$R2I9WIQ.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exeassistant_installer.exe

pid	process
1360	$R2I9WIQ.exe
1360	$R2I9WIQ.exe
1360	$R2I9WIQ.exe
1360	$R2I9WIQ.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1236	AdditionalExecuteTL.exe
1236	AdditionalExecuteTL.exe
1236	AdditionalExecuteTL.exe
1236	AdditionalExecuteTL.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1476	opera-installer-bro.exe
1972	opera-installer-bro.exe
452	opera-installer-bro.exe
1972	opera-installer-bro.exe
620	opera-installer-bro.exe
620	opera-installer-bro.exe
1216	opera-installer-bro.exe
1468	irsetup.exe
744	jre-windows.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1888	assistant_installer.exe
1320

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/1468-73-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/1468-366-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-382-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-383-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-391-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-424-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral1/memory/1216-484-0x00000000009B0000-0x0000000000D98000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/1468-1313-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1972-1337-0x0000000000C90000-0x00000000011DA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/1216-1352-0x00000000009B0000-0x0000000000D98000-memory.dmp	upx
behavioral1/memory/1476-1365-0x0000000000C90000-0x00000000011DA000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
behavioral1/memory/452-1382-0x0000000000E50000-0x000000000139A000-memory.dmp	upx
behavioral1/memory/452-1386-0x0000000000E50000-0x000000000139A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/620-1413-0x0000000000C90000-0x00000000011DA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/1468-1452-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1216-1457-0x0000000000C90000-0x00000000011DA000-memory.dmp	upx
behavioral1/memory/1468-1461-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-1593-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-1773-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx
behavioral1/memory/1468-1823-0x00000000001D0000-0x00000000005B8000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

opera-installer-bro.exeopera-installer-bro.exe

description ioc process

File opened (read-only) \??\D: opera-installer-bro.exe
File opened (read-only) \??\D: opera-installer-bro.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

irsetup.exejre-windows.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	jre-windows.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

opera-installer-bro.exeirsetup.exeirsetup.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	irsetup.exe

Suspicious use of SetWindowsHookEx 10 IoCs

Processes:

irsetup.exeirsetup.exejre-windows.exe

pid	process
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1468	irsetup.exe
1216	irsetup.exe
1216	irsetup.exe
1904	jre-windows.exe
1904	jre-windows.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

$R2I9WIQ.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exe

description	pid	process	target process
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1360 wrote to memory of 1468	1360	$R2I9WIQ.exe	irsetup.exe
PID 1468 wrote to memory of 1236	1468	irsetup.exe	AdditionalExecuteTL.exe
PID 1468 wrote to memory of 1236	1468	irsetup.exe	AdditionalExecuteTL.exe
PID 1468 wrote to memory of 1236	1468	irsetup.exe	AdditionalExecuteTL.exe
PID 1468 wrote to memory of 1236	1468	irsetup.exe	AdditionalExecuteTL.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1236 wrote to memory of 1216	1236	AdditionalExecuteTL.exe	irsetup.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1216 wrote to memory of 1972	1216	irsetup.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1476	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 452	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 620	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 620 wrote to memory of 1216	620	opera-installer-bro.exe	opera-installer-bro.exe
PID 1468 wrote to memory of 744	1468	irsetup.exe	jre-windows.exe
PID 1468 wrote to memory of 744	1468	irsetup.exe	jre-windows.exe
PID 1468 wrote to memory of 744	1468	irsetup.exe	jre-windows.exe
PID 1468 wrote to memory of 744	1468	irsetup.exe	jre-windows.exe
PID 744 wrote to memory of 1904	744	jre-windows.exe	jre-windows.exe
PID 744 wrote to memory of 1904	744	jre-windows.exe	jre-windows.exe
PID 744 wrote to memory of 1904	744	jre-windows.exe	jre-windows.exe
PID 1972 wrote to memory of 1420	1972	opera-installer-bro.exe	_sfx.exe
PID 1972 wrote to memory of 1420	1972	opera-installer-bro.exe	_sfx.exe
PID 1972 wrote to memory of 1420	1972	opera-installer-bro.exe	_sfx.exe
PID 1972 wrote to memory of 1420	1972	opera-installer-bro.exe	_sfx.exe

C:\Users\Admin\AppData\Local\Temp\$R2I9WIQ.exe
"C:\Users\Admin\AppData\Local\Temp\$R2I9WIQ.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1360
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\$R2I9WIQ.exe" "__IRCT:3" "__IRTSS:22640484" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1468
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1236
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Modifies system certificate store
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:1216
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies system certificate store
        Suspicious use of WriteProcessMemory
        
        PID:1972
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x188,0x18c,0x190,0x15c,0x194,0x710f24a8,0x710f24b8,0x710f24c4
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1476
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:452
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1972 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230312032540" --session-guid=5d4a07b9-9079-4057-ae05-ae1a227783a9 --server-tracking-blob=YWIwN2M5M2FjYzI5ZjliMGNjNTlkMzlmMGZjOTczMzRiMzNmYjY2N2NiMjExYjg4Y2YxZGY0NDQ1ZDgwZjVmMDp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjc4NTg3OTMyLjc4MzciLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6ImJiZmZjNzg0LTNjZTQtNDRkMS1iYmE0LTczMWY0NzI1OGRmOCJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2403000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of WriteProcessMemory
        
        PID:620
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x194,0x198,0x19c,0x15c,0x1a0,0x706524a8,0x706524b8,0x706524c4
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1216
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\_sfx.exe"
        6⤵
        Executes dropped EXE
        
        PID:1420
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:1888
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0x1406c28,0x1406c38,0x1406c44
        7⤵
        Executes dropped EXE
        
        PID:1772
- - C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
    "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:744
  - - C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe
      "C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe" "STATIC=1"
      4⤵
      Executes dropped EXE
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:1904

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
b8095ea597420c788072cd5932be8cfe

SHA1
22b4e43ffb177841e5ce1d076350607c12dfab3f

SHA256
9aa288ef424642c451824b3cf0eed97a2ba88f6e1ca0f03d818487fb67949271

SHA512
73e2e4af9da2a3ad3d66673f99ce0f66554813ac17d2445a2a39f4499247d0f4af46c385694c5c3fda6fde23ac7aafbd5c59b8ce28f78b5fd79151a6a71f3964

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
bcdd6b617b99534b7168575bd7c7b23f

SHA1
e8efe8e3bd6cb1c56c3f47cb1955fa946ba168c1

SHA256
22aa3bafc2f1ff7ba2c730b2b3751abfbf104612f4bca399efc58c0ab74a1fb9

SHA512
7dc8e485f3d91adec3533bebad0d970928ac611ae39396b6c16b9484006d40f4abb5ed72a2a48117e30a9232db4e8ab822c1a5120f7c43f51176d0af4823672e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
532b427deda8a20cf0dde0317784fdc1

SHA1
19518ea62f7bbe1115e97daa709fd8c77e6997c4

SHA256
b992775d5c57d30f2e60246dacb0ebda6a418c90285a184b7dd951255d1d0197

SHA512
eb1bda626b8246af5d0ece5589e35c30575587c0560e83b45d12963ca6e5c2c7be87560718bcb4682d813a4404e00dc64ac97a279e93f169fc666e17dae3e05b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
342B

MD5
fc7cfc0ef6433eff7a8a1b23613b2088

SHA1
645ecac9fb2c141a6d53249a541e35fd4795200e

SHA256
46e36dfdd6a526b3f94743f79071daea328e1540259bf9ba13c9d9a0f0bc2555

SHA512
0c06778cd7b50f46e1ba044e0f2d52761229b4df0ca90d7bd84e8df807729144d793e1421635e0598894fe32c7507e2f0589883c25a724a764cc5cce8c321317

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
c580326b4a59ada044ac7abb781e6b49

SHA1
2fc59d5bd6f5d9069a0d3751baf56e354071ce13

SHA256
455cebdf11bc4e383f1e86d11df38c93609e2ad0e72beefa3a773a9bf08be070

SHA512
81bf5b7e836382d67caf7cfa8cd1ddd10c08cb408ddc6238df7e29c4bef5a3698979010225edbf8c58fb1df6e736ac979e364e34e9eb7bb71a49ff0f39deadd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
8390976f0f5b4e45ca3e7b20a66387ae

SHA1
a4e661c1bc6455e948f4f0d3db2b0f6570cc6e6a

SHA256
8b003b71e20f680dfa320473c6c5ee0d12d2a955630f4f4e4bdc6f32d6300a91

SHA512
5105d1844e4c8799163d80571e0a0d6942b1d62399aadfc48e5b57ecf07ac7cc25e92fad6bbb6239603f7573221b2690d3c3af9298c31fd06f5ff0df23631574

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\additional_file0.tmp

Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303120325401\opera_package

Filesize
86.9MB

MD5
52059f9908aca2af15df265bfb73517f

SHA1
141ce7239b067ee7b266594ea6bb23e730f73621

SHA256
7b8ee89686128fb3e73542395e49eec5da3f730039de32ac2cfe58a4e7525b73

SHA512
191df166c778d6ddd9cbb4ba17d24945aeb6554183eff1084dfa07221114f3d420074176a329fb561fe75600ee874e115b7c32a4ca3f795096e907ca3f601266

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab33F.tmp

Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230312032540089452.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar1C5A.tmp

Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
339B

MD5
9b1cde4d8de6713e0d94a29db10eb467

SHA1
3f9ba4061ddf991d625bc358c3df018ce0ccccab

SHA256
b7bfd0a4830175ee7fe8c63d6588b007f1120ec1efdb213c09f1e9b3c91ed4cf

SHA512
670789f023f3ec9bce6748abbadeea0a004c64678966cba4ab8c2370233cade7ed5a9df365011b945d76947405e8a963b4a590f982765b3653c20116c9f03a6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG

Filesize
1KB

MD5
ddf14a632b55722157c667e84115583e

SHA1
c6adf1b1ef7a42550af1ba15c8b923c5be65d034

SHA256
9697203aaaddf2a378fe93e683d07212ced2a02479314d70e48ef26598b6b639

SHA512
fbe3a2382345cc0310c6d34ceb749f0432a5aaa5dd6c19016451a3b440e57e36d4809c2d94cc587adde1f5d19af252bbadff58c3276b39d2c0e1db79794912ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG

Filesize
2KB

MD5
dfbcdef2ce486b1906a2a82f2eb76252

SHA1
728637c320d8764a88e6d7cf2bd0da28d9118c00

SHA256
75825ca77c3f71105b6dfa87171c376d443b4da680e90eb4f045f16e10dcb274

SHA512
250595ca264e54bc595ba547121c94b8e62e28da0843692536bc9b03616f3c161795db2422052859d6725bd1393c8a28b4345d1e49bf52794a2c1157073f1a1b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG123.PNG

Filesize
40KB

MD5
26d482a9bbb9c0fd478044355406ac10

SHA1
0f44ccaa0803a9acf48cc265f075d04ebf2e368f

SHA256
3cd0469dda3bab7cf2efe851379aad9f4e44200a85bf10d2e0d92b292419e6a0

SHA512
37c9f54d1e1cd0f8db6cb83c431aeb07c61172057416fb4743a091d97ae38980801b6353ced45a49ec25d6002f9a85660d9f9f540e74fdf9cedc913c452315ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
ddfa9d4dd306f76ade792484483b97e7

SHA1
4455ba407a7af9e861a16fea4c9993a0b9ca85a4

SHA256
730c0f409f836c50edf05e50f3fcf48c2e21eb30e292868cb14ed694e9e3273e

SHA512
f803b46bce2867c66df86dbac6910c0b07ed80a4f528e614ed66675a64686288cd37a8b12e66f70d5ec2036ef90db896df2b32a93a5b2c318fe7ed88cffbf975

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG

Filesize
1KB

MD5
d2e568be42843c3a8ce877e14506cc5b

SHA1
f8f4a1bee36009c3145198b613995855404d4e43

SHA256
dc28a97fcd2f52992189c6f24f9e5d99e13e59eda6f45f4cd1ef635acfff29ab

SHA512
4f3eda687e43a6bb827cbd4712d627948cfbb022f7d4d4b70e8944fd3217974189f6a3bdee24de66205128a466a6197830de8c7dec2d7e7605e15a4d1777ed47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
0db1bfe2c486ced3b623bef4239f6fa6

SHA1
9fb1a9cbc386581713b6c17492a4e4996dfe7b92

SHA256
044908ff004ef4b861b706a19a71bfb1d2179329db1bfd46f32fe86d54b32c7c

SHA512
04edea3ada9aac0319d1ceb42b56128fe86a77e0ba5a4a78e91a0fa876d48b51514f054947be538245205f52002dfc6612b99c59a136b9c251cd0c0dc42e55b2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG41.PNG

Filesize
457B

MD5
6ac92e72056c5e1da54316378d852683

SHA1
33f4e0ff77257099156b46db0dd89162ff8bb56e

SHA256
e79e7703fc11c5261354c607113d7e173d266e765203de91980aca7e817e8f01

SHA512
0c59a02d11bcc35d50125352ba865bbc5dddf37332476631227fc083f0713c5a346a096291edd27e171830c4b83845b5693e3a3ca79e1daef28e6190aa24afb2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG42.PNG

Filesize
352B

MD5
cbb632e51a9c5c2955f9c0944c414831

SHA1
7ead327306e9e413e58a0923de3fd28fa6cf461f

SHA256
8cf449ed1f01d835faad56fb15e073cff95e8bfea6f8572edef160638b055ef6

SHA512
8abb5e5a82934e08b20e07a91f232a008e39f06ea098886b221bc9294bec6ceac4328f404b93ebb88fc66bb43fb179983c7f868e15a4c63d9294e0ea08db96a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

Filesize
43KB

MD5
3d6702d93a77a0581de453d501237a25

SHA1
ac501c14fafb4aa106ba50327e9ff8cb0c1c6799

SHA256
a349d5ae9ff58797c79ff58ec7fd0ae30a60e3d3d7db116753df13719d7b3952

SHA512
9dd11b3247e79d3f7666759bffba4de7b02d6a41855f6e358022beda8fab9486e08850aca8c8398ac6845cc33d5ff5d5663aeb90726dd6ef615aa2e7d28f1eca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

Filesize
1KB

MD5
1b7b5c6a6d05c94bcc83cb408ea83371

SHA1
e1ba18d8c5d076356aea91d96c9e513c5dec308f

SHA256
263bc75c2b8c0cb7644c27bb57562b4e65429908dd28df621f185383836b894b

SHA512
28ea7d74f891b618469912e3da2e1117e1b1822509141c6b6df06e0e676b11b1136f63e020bda7fe98e5250b156cfb721e5a4424ea2222190f66c70e31252d72

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
106KB

MD5
51be149c8e20df63087c584165516ecd

SHA1
feabbb95b65e6929f086266b06ee1cfef83539a7

SHA256
b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33

SHA512
6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe

Filesize
84.1MB

MD5
dfcfc788d67437530a50177164db42b0

SHA1
2d9ed0dc5671a358186dcf83abb74bfe39c40e9f

SHA256
a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1

SHA512
dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe

Filesize
84.1MB

MD5
dfcfc788d67437530a50177164db42b0

SHA1
2d9ed0dc5671a358186dcf83abb74bfe39c40e9f

SHA256
a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1

SHA512
dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

Filesize
84.5MB

MD5
7542ec421a2f6e90751e8b64c22e0542

SHA1
d207d221a28ede5c2c8415f82c555989aa7068ba

SHA256
188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6

SHA512
8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
4KB

MD5
f3fce2eed9a1aac264a0a19a7b85b390

SHA1
717075029d90484932f21eeb4e7148d5f7803d18

SHA256
ab52025481c5b5affbbfbdb109f84e5b665b46dfbcd39056ad1fad36c40ead5a

SHA512
773c2a5fabf6e93161698448f5f4b847e592d6395852b34c9d2ca10d132d2c9401235f86c4f3d9a51bdf33ed648dfab2aa63b9678e802dd61869932431b34b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
4KB

MD5
f3fce2eed9a1aac264a0a19a7b85b390

SHA1
717075029d90484932f21eeb4e7148d5f7803d18

SHA256
ab52025481c5b5affbbfbdb109f84e5b665b46dfbcd39056ad1fad36c40ead5a

SHA512
773c2a5fabf6e93161698448f5f4b847e592d6395852b34c9d2ca10d132d2c9401235f86c4f3d9a51bdf33ed648dfab2aa63b9678e802dd61869932431b34b3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log

Filesize
12KB

MD5
2c32920906c0773e0c49f9216faccef2

SHA1
bc947967c013c220195da7d491c42fa5ec45665a

SHA256
61908554150e5c71faf21f87aa47c3dcdd189827b00e9b91b67069907c55bccb

SHA512
0af561ad2e8fb12e21bef9189599feb9f2ae517019706747f49083c4fdea8a1eab3f020eb111580be8cb894a20e240c9e6d08d1e0f3ffbfc87e4c78c64907822

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
602B

MD5
dbc449a2f92e55a2a572513077c2f8c8

SHA1
f59fc247dab27670181d8bb55c6cf6868aef20e0

SHA256
b547b8c90e50f1fe329bd483abc5fe2125296519f4d318ddf7383c2e17e6a15f

SHA512
27360fbabab555c757ab6790dbb5c27a1103f1d7d6afa1a017892e988772799b42e286ed4cddfdf5b2f03a984285ac1d7ffba6f34cfb54d209955b5f682bb3f1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

Filesize
1KB

MD5
905edb67ced86b964e87aa2d4979862f

SHA1
561d6e61986960979582ea8cec795355bae1c3e5

SHA256
2d540bd79a70400095b6bb23fa203bab28d2e67d16cf172f04918a23f49e1cb1

SHA512
c1cec3076d9884dfdd6105d935871db4a65302d8019ffa97906a83330a51a0e7eb46b3720ccb3e3f4f68500895ad7794867e7a631136bd21eda9beaab9ffce9d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

Filesize
45KB

MD5
b88d9a2095fda3acbe81f54fa45d2008

SHA1
0c8f6579c44d9dc25310144f1f2be647a09511e8

SHA256
a7152ee6e7521e37cf7055b9d312b3b11c47a233428c7954ced7cec935f556bc

SHA512
9e8a75767f0c45d07ff4a956d0e7a01e28ef96a7fc2611fd5efd7112396520a57f7e12e410dc0cb559ac9c1546534e98eb71883b9518e2e9418d68de01d837a2

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

Filesize
438B

MD5
770c30795469db59c765b04d9a918157

SHA1
d7d1178695b4bb61206723df7ea82f86f65e3a44

SHA256
1b03583344f44188444604f9989f8487761326590e83367ec0a51685e28aa679

SHA512
256a9cdeae7560f8ffa690bd2f3572dba56c363084e6adc4281d1418f9c8a2155ae5da154dd351e844e0c11c8e0c6d8009abae1e8733b5935a5a0da0986d1a52

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG

Filesize
206B

MD5
e5329b4f50a6d05b9f317d31e511f065

SHA1
832068e3e911b239525add101105cb0101f54518

SHA256
bffe754566e9658da9bb0ef029655219fb1421ab0e4c6c3ebd2c8f59aafc2c5c

SHA512
086e377427f4a4c80408e63c8b69aa511f7c5568b2b55d0ecd61b3380b63f587f004762de852b07e0aeb153f1a1f54c5ea3441a3e3992f203134fc9a827365b8

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

Filesize
1KB

MD5
c23a0f2c75efceac95c193078b6dbdd1

SHA1
5796622e9d9eaa429c9de3927f2cd14f48b0d5f3

SHA256
1e1c44d65bddb73a09c2a4268a9f8579395ad6fa7bccb24ca8ac4462ab341e8f

SHA512
5bae2ffe515ec683ebe14842727ad11cb3681db3ecdb5b85575157b9f771cef8f2e6ff04adf3ab00ad8386b97e6245ee1e967da0b2c27cd81b93debb81a9c7b9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

Filesize
1KB

MD5
894c378bfb0a3083a480c17e69b82d43

SHA1
c0d9adfba36da365e62ac5add34ca093d4e9abdc

SHA256
3fc0f92d4a1c0f3039a871316eb6e38ac90194f91f0a1d083215cb111c5ed309

SHA512
fb6076167edbf5326bcb85bb2f1343490a15dc21d98385672eba3aaa5b8f5545770fcbc038c027111364f11ecd049e180959114142a957f7f224fe40ddbde765

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

Filesize
41KB

MD5
727a0f9e22850aa16614eb8c57864f42

SHA1
4d412bb29b03db8c7defc52bb9916c6fbfddb9d5

SHA256
ed1bc76af6a5507063a880224b794ba9d0443b21d6e3a893805ede13c9ac2c92

SHA512
203506c5cb77119d618c19c16851fb7acf7ce76e2cb2517f9633e2e933aa3e86413f9b3314ef17f389648fb859545b8b9bda20c558a8f8ff50150fac7649eee2

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

Filesize
1KB

MD5
d37c6beba4af2cb8095ac1e21125018a

SHA1
0ecd624a8f13d6851c2e262d896994249b4a2260

SHA256
833e0e81453d4dad3abfd62b3c64cf679cf034a3a259a60d814144a77f07e63b

SHA512
c01a604e8590337ec8bcb96ab819c9c814b5041e36217256316f1ff8ce7668eb16799c121c62d0a0542208269d98f81847079f02c1070ad905c183f374ce1b9c

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
33KB

MD5
5659cbd4cd6ce831e84dd4f16c5906e5

SHA1
213fec350283acfe2fe074b44d8805bf17ded315

SHA256
21ebd42cd7472a99a1da21354beaf6a2be7f3a9d6fa79836492430b1d29448a6

SHA512
9f5201b86b1ed71d63e3f947dc1ca1a9fc70204dca8875de1a9d7d5d8267a9ec1d097a0000cfd7ccf4657244ec4467faec56acb05df7f11b5a1c5cf252ab4faa

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

Filesize
6KB

MD5
5009972672c12b4227c9058cfa7935b6

SHA1
9b7f8801502561d815fc7171ea6078d18b6e2d32

SHA256
2f21a39e66864c34ddf7fdaf4a738550f61ef43d132834b5a8b1a1e90d956e64

SHA512
ed2f584764ff9e93a6133e992e0329df426fe0f3c6c3b510a441c3f3da4a84cdd9b755fa4930bef14da1ce5c60286ccbac6e4e6b7d87209c4d42e98e658242a8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\O5Y5QGHE.txt

Filesize
869B

MD5
af6ad8a02efd5e344f38d419c0aa8b1f

SHA1
51de05194b73beb07f2e10e92fb319b8e2bbe166

SHA256
ffea925684477fe33aa9470b65e9ed9da1c2aed172c05c1ae66f774403291ac9

SHA512
1264991dc70e74f8c83e981f6bcfd0f3644b98f99acbf2b18a0ab245557c20787cf8a47e1ad3dc69caf9415ee930db88127b8c216974fbc1f700a0a25ee1a96b

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\SW4HGVRQ.txt

Filesize
869B

MD5
b1f190572cb9c704797611e4bfd35fee

SHA1
6d52f3312f86be65e4586342855f75e014857780

SHA256
d70a6df3c36d62a921cb6f2e65847cc6e0fb3e34281dc4cc46d2e527bf3ed7f4

SHA512
5248504dbcf560579a4f3ad38904b7c37d34c44435934ef93ce2b1ffafeda17292684f2d60bfed7e54c1a0195e772c946c4a225e5d91423d2a4d5cee05896580

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8cae4667a335866770187eb433a736e8

SHA1
24a6de16fcfa2939e26bfe4664752364fa701a9d

SHA256
a17c1ac598dc8e519350750ebca95fe5f9a385493828a799fbd1b78f23dac907

SHA512
71ada63e7e81861e9c04b293c9becfb298cedce5ae1fced242434988f80a528dc00489102e8232d62ebff7be177dd93db9fb3c6b5040e15e12db6cdbbeb34b63

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8cae4667a335866770187eb433a736e8

SHA1
24a6de16fcfa2939e26bfe4664752364fa701a9d

SHA256
a17c1ac598dc8e519350750ebca95fe5f9a385493828a799fbd1b78f23dac907

SHA512
71ada63e7e81861e9c04b293c9becfb298cedce5ae1fced242434988f80a528dc00489102e8232d62ebff7be177dd93db9fb3c6b5040e15e12db6cdbbeb34b63

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303120325349561972.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303120325354871476.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230312032540089452.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_230312032541992620.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303120325425691216.dll

Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
92d1c01623cc06eb11096ff6e4fa7206

SHA1
059ccb8ba1228662adc487e8e17844651e856ca6

SHA256
667aa7c3017b648709ed7870f537b15484e2b90c939ffca5174faec5f2e3005f

SHA512
aba40d8b32655177b7aafb203fd9edf58eeda701fa121955ef510d4399ca4184b97cc58235e83bb782f630f0a59c24c130dcf73085dacc37003beb626387665d

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\jds7165515.tmp\jre-windows.exe

Filesize
84.1MB

MD5
dfcfc788d67437530a50177164db42b0

SHA1
2d9ed0dc5671a358186dcf83abb74bfe39c40e9f

SHA256
a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1

SHA512
dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3

Download Submit
\Users\Admin\AppData\Local\Temp\jre-windows.exe

Filesize
84.5MB

MD5
7542ec421a2f6e90751e8b64c22e0542

SHA1
d207d221a28ede5c2c8415f82c555989aa7068ba

SHA256
188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6

SHA512
8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
7c4a808fcb721f8fdae88ae32ca25916

SHA1
159d32eb691981ea681f8a3deabe7dfc50b6db45

SHA256
4ef18dcf67d0bbb1c78a697a5035f52f22198580d15a4a48233d5015d41ca7cd

SHA512
77d1b0a02d79cd1eb846da607ad4594aff6aab1821b59abc9717ac2f5e4bd0d12f8d114c530ae19c4a8be1f7468177eceda4b3d84c0193396bc0636a1d003b7a

Download Submit
memory/452-1382-0x0000000000E50000-0x000000000139A000-memory.dmp

Filesize
5.3MB

Download
memory/452-1386-0x0000000000E50000-0x000000000139A000-memory.dmp

Filesize
5.3MB

Download
memory/620-1456-0x0000000002B10000-0x000000000305A000-memory.dmp

Filesize
5.3MB

Download
memory/620-1413-0x0000000000C90000-0x00000000011DA000-memory.dmp

Filesize
5.3MB

Download
memory/620-1690-0x0000000002B10000-0x000000000305A000-memory.dmp

Filesize
5.3MB

Download
memory/1216-1333-0x00000000055E0000-0x0000000005B2A000-memory.dmp

Filesize
5.3MB

Download
memory/1216-484-0x00000000009B0000-0x0000000000D98000-memory.dmp

Filesize
3.9MB

Download
memory/1216-1335-0x00000000055E0000-0x0000000005B2A000-memory.dmp

Filesize
5.3MB

Download
memory/1216-1332-0x00000000055E0000-0x0000000005B2A000-memory.dmp

Filesize
5.3MB

Download
memory/1216-1352-0x00000000009B0000-0x0000000000D98000-memory.dmp

Filesize
3.9MB

Download
memory/1216-1331-0x00000000026F0000-0x0000000002700000-memory.dmp

Filesize
64KB

Download
memory/1216-1457-0x0000000000C90000-0x00000000011DA000-memory.dmp

Filesize
5.3MB

Download
memory/1216-1336-0x00000000055E0000-0x0000000005B2A000-memory.dmp

Filesize
5.3MB

Download
memory/1236-481-0x0000000002B30000-0x0000000002F18000-memory.dmp

Filesize
3.9MB

Download
memory/1236-474-0x0000000002B30000-0x0000000002F18000-memory.dmp

Filesize
3.9MB

Download
memory/1236-473-0x0000000002B30000-0x0000000002F18000-memory.dmp

Filesize
3.9MB

Download
memory/1360-72-0x0000000002F60000-0x0000000003348000-memory.dmp

Filesize
3.9MB

Download
memory/1360-71-0x0000000002F60000-0x0000000003348000-memory.dmp

Filesize
3.9MB

Download
memory/1468-1461-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-367-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-1452-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-433-0x0000000002E10000-0x0000000002E20000-memory.dmp

Filesize
64KB

Download
memory/1468-73-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-1458-0x0000000002E10000-0x0000000002E20000-memory.dmp

Filesize
64KB

Download
memory/1468-386-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-383-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-365-0x0000000002320000-0x0000000002323000-memory.dmp

Filesize
12KB

Download
memory/1468-1773-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-364-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-1823-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-425-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-366-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-424-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-391-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-1593-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-1610-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-384-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-1313-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1468-1330-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1468-382-0x00000000001D0000-0x00000000005B8000-memory.dmp

Filesize
3.9MB

Download
memory/1476-1365-0x0000000000C90000-0x00000000011DA000-memory.dmp

Filesize
5.3MB

Download
memory/1904-1868-0x000007FFFFF80000-0x000007FFFFF90000-memory.dmp

Filesize
64KB

Download
memory/1972-1381-0x0000000003960000-0x0000000003EAA000-memory.dmp

Filesize
5.3MB

Download
memory/1972-1613-0x0000000003960000-0x0000000003EAA000-memory.dmp

Filesize
5.3MB

Download
memory/1972-1490-0x00000000029E0000-0x0000000002F2A000-memory.dmp

Filesize
5.3MB

Download
memory/1972-1364-0x00000000029E0000-0x0000000002F2A000-memory.dmp

Filesize
5.3MB

Download
memory/1972-1337-0x0000000000C90000-0x00000000011DA000-memory.dmp

Filesize
5.3MB

Download
memory/1972-1410-0x0000000003E70000-0x00000000043BA000-memory.dmp

Filesize
5.3MB

Download