bazarbackdoor | 42a309cea201b01a1a135fd651fcbec0d079368ed34d5567d3cf3a3811b47266

Analysis

max time kernel
110s
max time network
154s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
04-04-2023 23:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.879-Installer-1.0.9.exe
Size

22.6MB
MD5

51b145f86301e75e5108ca22403784f0
SHA1

e6990f2cf3f9d38b7458688509ce0e3f3ff5bf7d
SHA256

42a309cea201b01a1a135fd651fcbec0d079368ed34d5567d3cf3a3811b47266
SHA512

7848323b4761c8fdcd6456e6e98c67a1f41b5d40d0e9403a4d065b07c3eafaff50da936bd890ffcb092e51b39d8f71c66fa475542b4f95528cacf694e4a65e10
SSDEEP

393216:HXjnTdbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENqm:HznTdsHExi73qqHpg+Vvc+AmX

Score

10^/10

bazarbackdoor backdoor discovery spyware stealer upx

Malware Config

Signatures

BazarBackdoor
Stealthy backdoor targeting corporate networks, believed to be developed by Trickbot's authors.
backdoor bazarbackdoor

Bazar/Team9 Backdoor payload 1 IoCs

Processes:

resource	yara_rule
C:\Windows\Installer\6db2ad.msi	BazarBackdoorVar3

Blocklisted process makes network request 1 IoCs

Processes:

msiexec.exe

flow pid process

46 848 msiexec.exe
Downloads MZ/PE file

flow	pid	process
46	848	msiexec.exe

Executes dropped EXE 13 IoCs

Processes:

irsetup.exeBrowserInstaller.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exejre-windows.exeAssistant_96.0.4693.50_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
904	irsetup.exe
1464	BrowserInstaller.exe
1916	irsetup.exe
1972	opera-installer-bro.exe
1548	opera-installer-bro.exe
2188	opera-installer-bro.exe
2696	opera-installer-bro.exe
2084	opera-installer-bro.exe
2292	jre-windows.exe
1328	jre-windows.exe
2964	Assistant_96.0.4693.50_Setup.exe_sfx.exe
2648	assistant_installer.exe
2428	assistant_installer.exe

Loads dropped DLL 45 IoCs

Processes:

TLauncher-2.879-Installer-1.0.9.exeirsetup.exeBrowserInstaller.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exeassistant_installer.exeMsiExec.exe

pid	process
2044	TLauncher-2.879-Installer-1.0.9.exe
2044	TLauncher-2.879-Installer-1.0.9.exe
2044	TLauncher-2.879-Installer-1.0.9.exe
2044	TLauncher-2.879-Installer-1.0.9.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
1464	BrowserInstaller.exe
1464	BrowserInstaller.exe
1464	BrowserInstaller.exe
1464	BrowserInstaller.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1548	opera-installer-bro.exe
1972	opera-installer-bro.exe
2188	opera-installer-bro.exe
1972	opera-installer-bro.exe
2696	opera-installer-bro.exe
2696	opera-installer-bro.exe
2084	opera-installer-bro.exe
904	irsetup.exe
2292	jre-windows.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
1972	opera-installer-bro.exe
2648	assistant_installer.exe
1212
1212
2356	MsiExec.exe
2356	MsiExec.exe
2356	MsiExec.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 51 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/2044-59-0x0000000002DA0000-0x0000000003188000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral1/memory/904-206-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-368-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-391-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-392-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-394-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-427-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral1/memory/1916-488-0x0000000000900000-0x0000000000CE8000-memory.dmp	upx
behavioral1/memory/904-489-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/1972-594-0x0000000001050000-0x0000000001588000-memory.dmp	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/2188-748-0x0000000000C50000-0x0000000001188000-memory.dmp	upx
behavioral1/memory/1916-920-0x0000000000900000-0x0000000000CE8000-memory.dmp	upx
behavioral1/memory/904-797-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/1548-922-0x0000000001050000-0x0000000001588000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral1/memory/2696-1135-0x0000000001050000-0x0000000001588000-memory.dmp	upx
behavioral1/memory/2084-1412-0x0000000001050000-0x0000000001588000-memory.dmp	upx
behavioral1/memory/904-1413-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-1439-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/904-1601-0x0000000000E00000-0x00000000011E8000-memory.dmp	upx
behavioral1/memory/1916-1927-0x0000000000900000-0x0000000000CE8000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 26 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msiexec.exeopera-installer-bro.exeopera-installer-bro.exe

description	ioc	process
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\F:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe

Drops file in Windows directory 8 IoCs

Processes:

msiexec.exe

description	ioc	process
File opened for modification	C:\Windows\Installer\MSIB8A8.tmp	msiexec.exe
File created	C:\Windows\Installer\6db2af.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBAFA.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBB1A.tmp	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIBB79.tmp	msiexec.exe
File created	C:\Windows\Installer\6db2ad.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\6db2ad.msi	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

msiexec.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msiexec.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msiexec.exe

Enumerates system info in registry 2 TTPs 2 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

irsetup.exejre-windows.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe
Key created	\REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main	jre-windows.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

irsetup.exeopera-installer-bro.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	irsetup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	irsetup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe

Suspicious use of AdjustPrivilegeToken 46 IoCs

Processes:

jre-windows.exemsiexec.exe

description	pid	process
Token: SeShutdownPrivilege	1328	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	1328	jre-windows.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeSecurityPrivilege	848	msiexec.exe
Token: SeCreateTokenPrivilege	1328	jre-windows.exe
Token: SeAssignPrimaryTokenPrivilege	1328	jre-windows.exe
Token: SeLockMemoryPrivilege	1328	jre-windows.exe
Token: SeIncreaseQuotaPrivilege	1328	jre-windows.exe
Token: SeMachineAccountPrivilege	1328	jre-windows.exe
Token: SeTcbPrivilege	1328	jre-windows.exe
Token: SeSecurityPrivilege	1328	jre-windows.exe
Token: SeTakeOwnershipPrivilege	1328	jre-windows.exe
Token: SeLoadDriverPrivilege	1328	jre-windows.exe
Token: SeSystemProfilePrivilege	1328	jre-windows.exe
Token: SeSystemtimePrivilege	1328	jre-windows.exe
Token: SeProfSingleProcessPrivilege	1328	jre-windows.exe
Token: SeIncBasePriorityPrivilege	1328	jre-windows.exe
Token: SeCreatePagefilePrivilege	1328	jre-windows.exe
Token: SeCreatePermanentPrivilege	1328	jre-windows.exe
Token: SeBackupPrivilege	1328	jre-windows.exe
Token: SeRestorePrivilege	1328	jre-windows.exe
Token: SeShutdownPrivilege	1328	jre-windows.exe
Token: SeDebugPrivilege	1328	jre-windows.exe
Token: SeAuditPrivilege	1328	jre-windows.exe
Token: SeSystemEnvironmentPrivilege	1328	jre-windows.exe
Token: SeChangeNotifyPrivilege	1328	jre-windows.exe
Token: SeRemoteShutdownPrivilege	1328	jre-windows.exe
Token: SeUndockPrivilege	1328	jre-windows.exe
Token: SeSyncAgentPrivilege	1328	jre-windows.exe
Token: SeEnableDelegationPrivilege	1328	jre-windows.exe
Token: SeManageVolumePrivilege	1328	jre-windows.exe
Token: SeImpersonatePrivilege	1328	jre-windows.exe
Token: SeCreateGlobalPrivilege	1328	jre-windows.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe
Token: SeRestorePrivilege	848	msiexec.exe
Token: SeTakeOwnershipPrivilege	848	msiexec.exe

Suspicious use of FindShellTrayWindow 40 IoCs

Processes:

irsetup.exejre-windows.exechrome.exe

pid	process
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
1328	jre-windows.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

chrome.exe

pid	process
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe
1156	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

irsetup.exeirsetup.exejre-windows.exe

pid	process
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
904	irsetup.exe
1916	irsetup.exe
1916	irsetup.exe
1328	jre-windows.exe
1328	jre-windows.exe
1328	jre-windows.exe
1328	jre-windows.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

TLauncher-2.879-Installer-1.0.9.exeirsetup.exeBrowserInstaller.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exejre-windows.exe

description	pid	process	target process
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 2044 wrote to memory of 904	2044	TLauncher-2.879-Installer-1.0.9.exe	irsetup.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 904 wrote to memory of 1464	904	irsetup.exe	BrowserInstaller.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1464 wrote to memory of 1916	1464	BrowserInstaller.exe	irsetup.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1916 wrote to memory of 1972	1916	irsetup.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 1548	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2188	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 1972 wrote to memory of 2696	1972	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 2696 wrote to memory of 2084	2696	opera-installer-bro.exe	opera-installer-bro.exe
PID 904 wrote to memory of 2292	904	irsetup.exe	jre-windows.exe
PID 904 wrote to memory of 2292	904	irsetup.exe	jre-windows.exe
PID 904 wrote to memory of 2292	904	irsetup.exe	jre-windows.exe
PID 904 wrote to memory of 2292	904	irsetup.exe	jre-windows.exe
PID 2292 wrote to memory of 1328	2292	jre-windows.exe	jre-windows.exe
PID 2292 wrote to memory of 1328	2292	jre-windows.exe	jre-windows.exe
PID 2292 wrote to memory of 1328	2292	jre-windows.exe	jre-windows.exe
PID 1972 wrote to memory of 2964	1972	opera-installer-bro.exe	Assistant_96.0.4693.50_Setup.exe_sfx.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.0.9.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.0.9.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2044

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.0.9.exe" "__IRCT:3" "__IRTSS:23652905" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
2⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:904

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1464

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841947" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1916

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
PID:1972

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2188

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.43 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x712633e0,0x712633f0,0x712633fc
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:1548

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1972 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230405010247" --session-guid=730c9948-a021-4e57-bfa3-80873b3a1ce3 --server-tracking-blob=OTg4ZmNkYzlmYTliNmE4OTg2NjRlNGM0ZWI2Y2VhYjg4Nzg3MmM3OGY2NDI5NDgzYjk2NjFlNThlYmY1YmI4Yzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjgwNjQ5MzYyLjEyMjMiLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6ImZkNmY1YTQyLTg0MWQtNGY5NS05YjYwLWZkNzE0NGVhNjA0YSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0803000000000000
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Suspicious use of WriteProcessMemory
PID:2696

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.43 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x707d33e0,0x707d33f0,0x707d33fc
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2084

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\Assistant_96.0.4693.50_Setup.exe_sfx.exe"
6⤵
- Executes dropped EXE
PID:2964

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\assistant_installer.exe" --version
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2648

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xf56c28,0xf56c38,0xf56c44
7⤵
- Executes dropped EXE
PID:2428

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2292

C:\Users\Admin\AppData\Local\Temp\jds7171381.tmp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jds7171381.tmp\jre-windows.exe" "STATIC=1"
4⤵
- Executes dropped EXE
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1328

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Drops file in Windows directory
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:848

C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 24F3C181A0D9124986B2F8158CAABAF4
2⤵
- Loads dropped DLL
PID:2356

C:\Program Files\Java\jre1.8.0_351\installer.exe
"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}
2⤵
PID:2472

C:\ProgramData\Oracle\Java\installcache_x64\7197386.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
3⤵
PID:2328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1156

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef3b59758,0x7fef3b59768,0x7fef3b59778
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:2
2⤵
PID:2316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1524 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:8
2⤵
PID:920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1620 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:8
2⤵
PID:2840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2108 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:1
2⤵
PID:3028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2136 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:1
2⤵
PID:3040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1428 --field-trial-handle=1248,i,10164994982951658691,10519113953343507079,131072 /prefetch:2
2⤵
PID:2936

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:3016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef3b59758,0x7fef3b59768,0x7fef3b59778
2⤵
PID:1632

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
Filesize
61KB

MD5
e71c8443ae0bc2e282c73faead0a6dd3

SHA1
0c110c1b01e68edfacaeae64781a37b1995fa94b

SHA256
95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72

SHA512
b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
f541dcf3398dcbf8f1781d134e17131c

SHA1
ede7eb71e59d12d1e20513853f04311cf8248cef

SHA256
af3821fafaf256c59c09cbcb0f03bb9916d5bea98d85edfbc2ee63c407e36a83

SHA512
a5c922d563c89e5a617d1f6d6829ba9dada378b82cc8189a062d675bfb15af989129ae80ac19c431e8c71a710cf5dd2554b3a9be26dd5492aaa646fc5d7b408e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
1KB

MD5
a266bb7dcc38a562631361bbf61dd11b

SHA1
3b1efd3a66ea28b16697394703a72ca340a05bd5

SHA256
df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e

SHA512
0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
Filesize
342B

MD5
23a8ee2fa4fb0e7e4f39ff6f6a11ffdb

SHA1
2409c9e88fabbdd9a73ff686a9030b2c01580d8a

SHA256
53b281ece1eb2cb876573e6ca707451247ba5117428d7a35b993ba5e3a42175b

SHA512
c11f86d852b6bdcabddea03321d02a27aaa4fee8ceb6c0dacad5009f60a48668aca1c88a7fc69001d29c99b04973dab968e296f74de98fbfba3c3cf48a0392b4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
97114c584b75e17bf9cf58019fa62030

SHA1
2f6d5d48c3626cc04dc27fcbc60e87d01dd6a184

SHA256
dc716408e8a1e4a1c8f335c6943ab32e1edcf9a77b0c4ccfa73167d6701dffbe

SHA512
658fedf5b816e1f7d2a578c503e7f604caa021951c551a770aab26a6e676cf5542d1b775d7e0931555a6f499093449dd914c275f7f2b4e3719cbf1856f29480c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
Filesize
242B

MD5
694347e17c2ca7abf3ec15f50887fd57

SHA1
e9b60e70c09622db57dc20fa23cb08d179b2fdeb

SHA256
49fbd068f81a5b868f6f6ac02869f524da89f58604d931bcbba97c6da855c740

SHA512
88c1c681466b7e929cd23bebdbd88df1beda329dd6a5cd160845a9e483266fbd0ad64d7a45cedbff411f760d11b72123b7c12774ef0c0f618297ad35db1a7801

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
Filesize
40B

MD5
a0dac56ef957c4491da5fb8d2b826207

SHA1
e3b5d8347ef3defa52e46771c55db81008c3e65c

SHA256
bb2d076c1dde53073887c6d5610bedd7f42cb9f38968b4c160ffe4f393193df2

SHA512
2ebd27eede9a8528c87dcf23570bf7b15fe4b5ef4cd34a6e79a455aad99a3e00715916d8846de2a5abd3fff26b3016fbd51cd74f04b5e6c7650505c7c27e03b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\980e1dbb-ceba-495d-82cb-d26e7a4613ed.tmp
Filesize
4KB

MD5
ab882792415f593720c59dc3b8ed7716

SHA1
404384518cbe37aa8ae820b236674e91ca34553e

SHA256
67a0adac3a5eee95811636bb2355cf9235f5a17f6b43d48955aed244af71df32

SHA512
94c63433506240b3df504282135a49fd0777bf39016caf31901919bf29d78b1252ae0a9de2343ec5e2331d926eb1da958864aac7b4a1678c38709d29b6455b73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\000004.dbtmp
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
174KB

MD5
04569770d72ee2b97f30715fc67e6ccc

SHA1
8cf112b94938123ad6ffa67e7a25303210298b89

SHA256
1f4c0f89c25757bcf20532a5375351a65ccc06e171986f28b8efc39e9afbfaec

SHA512
d857327b49637cd786cf4d16aac0023df2b9c47ee3bdb44a11c4a62955b7e310b6927233a1009935b301a8e744f3fdab49efdc479f64e2f1a85c3fc7780c99ab

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\additional_file0.tmp
Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202304050102471\opera_package
Filesize
86.9MB

MD5
6b7771354e081eb94cdbf7627799da4f

SHA1
199341a750443cc6e9b2b2fa1e657d0dd327711f

SHA256
494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab

SHA512
33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\Cab1BAC.tmp
Filesize
61KB

MD5
fc4666cbca561e864e7fdf883a9e6661

SHA1
2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

SHA256
10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

SHA512
c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102447252188.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar3587.tmp
Filesize
161KB

MD5
73b4b714b42fc9a6aaefd0ae59adb009

SHA1
efdaffd5b0ad21913d22001d91bf6c19ecb4ac41

SHA256
c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd

SHA512
73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Tar7159.tmp
Filesize
161KB

MD5
be2bec6e8c5653136d3e72fe53c98aa3

SHA1
a8182d6db17c14671c3d5766c72e58d87c0810de

SHA256
1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd

SHA512
0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
bfd3f5e88b85b08269a1209c7efff5ef

SHA1
831bb68b2118d3037b34316e8290f3aaaa986a9b

SHA256
a1c5e2e49e3cc71793e79d5be2e8d6f7aa5490c9262675d6db0e3fd537fc42eb

SHA512
95b76358b3bfbd31914d6b1db578aa0e5a19b1e352833df9537a02dc6c2084676eaaeb36ac7fbf397a5ba43b16068df7109b3e84bfaa398b8b7175993bd2edd5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
Filesize
644B

MD5
74cbb6a9510a5af4e84765729f03aef0

SHA1
44e70d3263b85bcbbf3f40c0b7710284eaed32f8

SHA256
224e1afab80a44dc6bf440bf4a3f3a9535485c271dd38eeefac83cad3a82536e

SHA512
305a8b0f3fd989af6460018bd88edeaf02ff50815d2d8f7553fa511f33eaee9427095f5d0412e7f53e769bf26ef3222cb6df95c4a68ae473fef85d285819641d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG
Filesize
2KB

MD5
0e0557b9f62fce2322fa993c91b2e2e7

SHA1
3c31d21dcb323a3faf47dc04663275e2581013b1

SHA256
7cdc6702979255bdc4b0ee0099593e88c94e563f00bfcca3c7d680f2bb2df3dc

SHA512
48bcf980c20e5b9f587d3c9277855171120cf4ef2d3e7f9aed1bfc8e3f894e28043760c5febad7f3806752b1d388ea1a80092351fac107461023fb7bce9cdd6b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG124.PNG
Filesize
40KB

MD5
6bcf4aff24c28919bf7c8c76c1c13bfd

SHA1
87776afed17d9f9b3a21fabdb530b4083eca3635

SHA256
03a9cdf6e58e6fbf4158af65ba7465a6463a7d2cfefae2b2bcf705f33771149e

SHA512
12fabd4f1818f31d5ca42c7299b576a6b31232b1c2abb468b256df3d57727dce9395affc4ba6334d7362ba1e57022b5341ffc908e08d019bc1ddc4f94a400e68

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
c26a8c3c8a1b4cfa66a04954682cbd00

SHA1
a0fe409f7c63212fa96af3d27e985d1b636d7f5e

SHA256
b215bf4f48b4f943c61a43675ca768f8ff8fa4da813fa3c969a26be550e37b15

SHA512
4088e0d60d5e88ca877af034ee3134a3dec626efcea9a498dfa93c532b77e17f90aca02e03262cf179562136f3b2928d330d3e18dcc9180d22f63c926699baad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG
Filesize
1KB

MD5
1d20e2d3d0534910b3ceb2659e36b202

SHA1
b36edff00ddd65e57196ca8b650e73fd3d5ee16d

SHA256
0e2c443067936fbcf70f7bcd3f957dcd691124a6684056c1e8407609f6d64226

SHA512
17e9dcb016a4609ea756fe8bf781aa0620f694c67b3135ee24ec03208033aea03ac8f70e445e4fe4a8d707aa7166e13bc284c58cf768a7b9ae1ddbe3ca5f1526

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
ad413a1fa3406283529429463b3c3582

SHA1
541632da39b89d6370444569130a8780e4917886

SHA256
8fb2c6302a6f56fb23e6a2fd1e5e52136941ac1037c40c26ed5d63c9f71c1a27

SHA512
9dd27101508bc457257a58c4df2473c4050be11f55c6b8b9d670c63d52410e216ac99328aceb25035e88202cab177e9303834441fce3c84677173b2ae3f9ffa6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
Filesize
43KB

MD5
a99cea0ae59b6200452ce912f755ebbf

SHA1
84d44cb1e98d59c64b85dd1d447a01e11e18c9d8

SHA256
ae007f0ee65aa1ea5f0a11f116a7613aa61c67259817f3ac2d7fde299a63e174

SHA512
fc9e5f4aa8551a01e7567df4d1ea764966bb4ec7c177c662f4a82c2095fa12f30d67a64c30d03d08ce72267b924eb78c9bd1e0d9ac4da3797cef36f46d5eaa51

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
Filesize
1KB

MD5
9df48291509b109da6fa8565dc46ebd0

SHA1
15e0c52b88cd73f4e294c5b469461e1666fc280a

SHA256
19210a58182587ee81486ca8357177df48bcd667cc4fbdb434965988b02cbb4e

SHA512
4e0136b2170c52762a64d1232cfe2638f059d3cc5337336501f40c369672241cba955433d707d6f3e8bae6f326eff1083be0cecbba0c6da535947641626197b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Filesize
114KB

MD5
bd5626a0237933e0f1dccf10e7c9fbd6

SHA1
10c47d382d4f44d8d44efaa203501749e42c6d50

SHA256
7dfc1176d8a507135140b23a0c014093b7e2673f0f3e5727c3d85df4e7323762

SHA512
1fd864a5386580cf8bbafbacb12a043ef51948b729b9aedfe6dc81e6c2948a100526c7c600069f22454d550f7f736ad3045a930cc2ef97458dc1d6c782928087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
3KB

MD5
a84771822ac5161941050c9ee7965bbd

SHA1
6f19494877d3ea05fc80865b50031c0d49608d2a

SHA256
26954a2fba8da23e7f8288f5777c09df06c93b55534c42885d79420118b0a94e

SHA512
5183e57f1f958f1fe312fb5478bd911d2a43914d6eb37098fc9a36c7bf08d6f77d3c2c706bb7abc03a9b69ca5f4b7272d0dbd437e134c555645db1f562b1637c

Download Submit
C:\Users\Admin\AppData\Local\Temp\jusched.log
Filesize
5KB

MD5
7380dd30f7372a60763314c349707722

SHA1
84296b8904256b4114094269ccb8b35731b8f13e

SHA256
d7d42da42976f115c7c57dcd47969ac4efac354160b60eba0e727febb94adf82

SHA512
a861081313f90d76e83a65e3a0216b9c443ef0cb8755aaa6881c48f4e362b8f63af431a8e753bf942b296f28ad386490446e66da304cd571e72a7027435698db

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
Filesize
590B

MD5
44c953722be56683c5f816f220014be1

SHA1
965c3802355fe780c33382517f2ceab7b2233cfa

SHA256
2c1f45260086f15410374e563a82e9a9429227c515e9d0f87204353547b37b53

SHA512
a7034ea2345634f8536f56cdba030eea6dfa763ca200a0c7cffde037f72a331396de553e70fb437a1953945567844b55a8ee4f70962c6e070c077a929836f065

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
545c62b3d98ee4cc02af837a72dd09c4

SHA1
54446a007fd9b7363d9415673b0ac0232d5d70d5

SHA256
738029a4f974128180fa2cd239e873b01e456e8bf53bfdbf34b8ba8b57897be4

SHA512
8bf9c754861ed267efd2055ac09b4ad44df61b989859fccd14190592dca1dab0fa8f57360209eaceabb5137f742c9cea73a1a985ab1955f87a6875d0be95fdcf

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
Filesize
1KB

MD5
8402b903804427eb60533887407e9e3f

SHA1
9ff615c4441fd6e8c2a998e9728f2df91b79926d

SHA256
3c3728982174ca5451f0fd830e1c33f9c92faa46e2e0492186d980b969db6e2c

SHA512
9a193bdc7f17ea6ba20f8bc3fcde1aaf5925508e4d4cf5f3483f96226b79a2bbda27b888d30475c5967f67809454cee6a41108ab9a18a6e62206fb9ea28fc5de

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
Filesize
45KB

MD5
233878a1dfdf615c0e1dc81530aa5302

SHA1
2cd4b1b5d072e3aec82eedf6a87b6c38bb59ef9a

SHA256
765cd11265661ef8aba10bafa1330b2311a309c6f8209cbef6ea1f4e7a6c922e

SHA512
c2fd7427dfe2fc564389ae1f86155901e11068ecf502d2e43c9e5f018b91a05e2952b08ea984b52e20ba8c83569b193bcf5ffb9b19b6e2e521d92c8086db6ed2

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
Filesize
457B

MD5
b02439a5633e53e207a97fd5c3450109

SHA1
4cd39e991796c96bf2256f1b1adcb4a87e6d100c

SHA256
2eda05afa1dc64eb2ff1e5a5a3e07fab9b728a3249ffbd03ae6b78df2cfb9bcf

SHA512
1330302a734fe306c6edf001f1eb8f1abeea00338e507365035d4f78245716b93abf569cc613997b897547747fa6a8578d80e6084cb09c5d6d82d3c6dda2ee60

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
Filesize
352B

MD5
3ebb90db69ab4f89a809ae955ce084db

SHA1
99cc932c29c7195393a374891e86f2212caed004

SHA256
d20387a537000d2e53048ddf7554c02a3fe095a22d6d6232cf882a4eb4808d39

SHA512
4dab7ff56e46d08afe5649e7da7dd205d2a48ed4e600be03827828d5aa48abf4912f61f19dca0aa63f4243d848af67107caa4212a63c02a0cc6a804f9221361d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
Filesize
438B

MD5
93ab8d6d5e320bb55107ed481364e990

SHA1
151a55018eaf7e439791912786701068fbf3a401

SHA256
696bd78a46953d9314b3193983df419f4dcd016b5d31369bd3f3e3b364efc641

SHA512
7b19c69f69cff9f5505f4637eb71364a347fcfb4771f0c91a881f297a527fc347a73c26a259a69e5cbba164ec416d942d5c1188cd24f9dbb425b494db2d48823

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
Filesize
206B

MD5
c2a26bbdeacb81dd7f8f6bb2bea4a932

SHA1
ed9add65433be66e6a62133632eacf505d23264d

SHA256
9c2e4c1cc89258d95ef6702b7a62d722fdd82ae18f7aab62278aff88ae55a6a9

SHA512
8303b6a274e1d663e9255429dedbbb1eb2b232303d2cce9a6942257c14cc358126684e4bf11f7c111a5cf0063067aa487854daefedf7a4917f6b75b0b6452dcd

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
Filesize
1KB

MD5
eb70c64eb9637567556946524aaba3c8

SHA1
5e5574aef69a542c92a366c82d1e5cbd54d9778f

SHA256
c1a8a2116ffea80a1ce556fc51174e46be705310e7cafd9a150035056de9c588

SHA512
8c547e03982e75b00801a4a56cf55705e13f26d17e578d0c7ceab0effd1576863416ee2cbf5f205c306b206bd0ff39ab950276dc4a554d8440d85ef4c7112d87

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
Filesize
1KB

MD5
8aa76bec130c6e445b9afc13e069c705

SHA1
f33b780d401e898ce376dfcc17022efb282613f9

SHA256
f1a88c950c4342a6d2f972ed57d4b2d2bea8d17c76cfaa852aaf8247cb392918

SHA512
76a1a4ff5aad4a839d50e3ecb84130e0335dcbf7ddeaf4f5b36327fdacad92ee13cc3018ab706b3bf0553eca428fa0d2f9c4080007cbeba5042841387c505809

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
Filesize
41KB

MD5
0339f5d817fd1dd5abee2deb93183118

SHA1
e49bbc34cca35193272b7ce66760dc32e5c19334

SHA256
f110d8f101c31fb2c09f6d41a35b8c561c706f88467923052750781bd5fce37f

SHA512
08e0f45b68cd9e83d018e988de0b0b76dd8b9433f5def67f2137336dbef28bce69f6754b64bd26b04931811351a74d4c58cba4dce547a86d937e4980f1416147

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
Filesize
1KB

MD5
0d49244ce1c34d0ac58389f7403f60e8

SHA1
1c0a3b4b89a0b937231c86cb80e0d4f2214a29c5

SHA256
e5cb63d87eebf491c4fcef41e9a0a2a6f7ceb3f5685932f5f4e9ec158b7dfb65

SHA512
a4362b18c67d4881b952727005902ad9852a2dda45426d1077961199c0d22130a20a0447e05e588e20b0bdcc4224f8a271929864ce476477091d4349f4ce21f5

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
33KB

MD5
eeab35992fd564631ab198250a14824a

SHA1
924f51846a33fb51bdb7680f7e32ef499cf5d9eb

SHA256
a95984d08a3687e8bc981c3714642481c2057b7c351dd05914913190671f5576

SHA512
cd15d1b05921e56563f50cb1b87440cc0d107fc6b52727f68037806d686039b5b42aa42dab2410d6f89598c78c0411ee18d5ed7b98128f4c42c4db7368daba9e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
8KB

MD5
bf6b012a6072454bde08bdd73ff72aad

SHA1
bd7e0c106d111f84c44bc16f1797826a6b993acc

SHA256
41f6f92c171652c953b442aeb472be26273242cdaa905ad7aeb1630db771ffd6

SHA512
f4c8a6a4db20b9d68b7530957935be0b6b6e930ee073e364f5902aa479569938843395b4dc87611aa114759cc883ea07cc119ea119a7a465a8dedbc9249a7d97

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
763f94566786a99434844b43bdd5bbee

SHA1
69967f41309bd7500d237e88e86711b7197641db

SHA256
3431965eb732164faf5c803c5d63249315ceee69ff509d720fbc8418eafe3a55

SHA512
fc7c91e8a2c38933e41d4023eb9a45dd03ec1c640c95af3f5153e059b2ff0ad61aba237c4b1d4506799635d9070b8d49e3b6530e1dd1666b1ea2ea8d6184c422

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
763f94566786a99434844b43bdd5bbee

SHA1
69967f41309bd7500d237e88e86711b7197641db

SHA256
3431965eb732164faf5c803c5d63249315ceee69ff509d720fbc8418eafe3a55

SHA512
fc7c91e8a2c38933e41d4023eb9a45dd03ec1c640c95af3f5153e059b2ff0ad61aba237c4b1d4506799635d9070b8d49e3b6530e1dd1666b1ea2ea8d6184c422

Download Submit
C:\Users\Admin\Desktop\BlockOut.css
Filesize
219KB

MD5
5a4b26eb6ea31a191503baf1b799b032

SHA1
ff31eed4b77625267b471e9ae9994a7244f66216

SHA256
8398fb56d254d89f29727f498264cb89b534b454a741db805d7d101d6c6ed9d4

SHA512
726e52fdb0abef0d6f69d87548155f5d70e7e42e4266c457dc55d45550f4e6cc808cc16c96e6b82c0d6a6605e524bbec2416cec0c1f5fd493cd84fda1f504690

Download Submit
C:\Users\Admin\Desktop\CheckpointFormat.xml
Filesize
430KB

MD5
21bb64e442aa29fcc88b6dcb36c129aa

SHA1
9035687995810db51a82caedd297e32dc2074ab9

SHA256
d35d817824de8167da5209e0a198bf9901fbdcc932c16231373f22dd08403aa1

SHA512
23f5ea6a10caf3a2c45d5f2f2d26a816932de794b953524e7e2c6a855eddfb62c26da114d1adeb88f1f6b60fa1e52e6376c36f5961591716e3275436077701e0

Download Submit
C:\Users\Admin\Desktop\ClearHide.tiff
Filesize
258KB

MD5
4b1e8ce7f3775dc26e004de3c10acd76

SHA1
a8cf88f9b34c8d75a5e1e1162119083e37cf564c

SHA256
c09a2268ae7ada421d0d8624915b6f2bf96c8996d636ee544e615324846b7fe1

SHA512
f8260d3825a8e7f6a7d6937acdd0178723e020f3f7a2dc9d3e6785eac6bd0a85c4b2aba44e917d30321161e20e31a2bdc0286164e8e2103ecc3c9569e8056cbe

Download Submit
C:\Users\Admin\Desktop\CompareUse.lnk
Filesize
282KB

MD5
aebc4a57bf6492e4f606fe59190d08fc

SHA1
ca781b7f59d71941d1f42c96ac6cb9205ce9a675

SHA256
a565fa24c5e0ee636df1399e13ab9474c7526b034bb88ce1611b18b10c308996

SHA512
2222368fc74c632d3903693ff87ab6e3eee58af6a1977a7e7c52c462cb410e49329818d3adb035dc01cad04f94d53548c881a2e0e710da2a8e17883b45f5f270

Download Submit
C:\Users\Admin\Desktop\DenyCopy.ADT
Filesize
242KB

MD5
ab6dc1424f650e2d22f3842da4881c48

SHA1
2f8f6ff5698b8e49c28de44b96e45c99f5ba4a8e

SHA256
6ba604b3093a2df0f11826ad258a4a20faa65ceef0e2a68955be3e5dc99dbd25

SHA512
afb46d9edd342a9e8eb8cfe8905e25cf16d608b3196c5a27915af83eb34deb4e4f4f2966bffcbffdeefb07744cbccb3431bc6e43b17b656f54d8b87a5ac03bde

Download Submit
C:\Users\Admin\Desktop\DisconnectMeasure.m4a
Filesize
164KB

MD5
a4dfc90acc1ae279cc092378832d501f

SHA1
d7e516a49a771c00de6af355f755fa3963ff4efc

SHA256
ccd52296f44828b4a1f441c2401006253ef64cb96653234f94f08e6becc95c32

SHA512
881e1c70c5873563a5b1d778f3ba4ecb125d0bed831d09d406527ebebc076b7956309d80c8ce21af16604f0df9e17e833184679e72681bd9b32c070a21eb3981

Download Submit
C:\Users\Admin\Desktop\DismountRead.docx
Filesize
289KB

MD5
c8f4f0abe5db1f40a26714f6fd15ccef

SHA1
aa8c6f9234194a343684201238220263cfdec242

SHA256
34e90c39fe97aebf2cad223ebd82cf5b8acb7a1a9197d4cc3dab0879278803d8

SHA512
7c2a4a43c9c5420cb4cf3959d8b7c03df1702e86ab09e21b4791f2274851489d7ce7597f7f211dbb52b7f3d764c8ef673ba76a85037b0f311678235f521ffa16

Download Submit
C:\Users\Admin\Desktop\EnableExpand.pps
Filesize
148KB

MD5
d324855f6875be9fd1ecacd2e960fb7e

SHA1
f1a531d567e7c5b38b08bca539fa9e943c87f940

SHA256
b4c1969e84c90c6dcfa5ba5e86037d121f35bcb21f581d75623e20628dd797d7

SHA512
576c0e546f27f61b5a6e945527ec25d91d0a8b179ff8e3daa1d857604cff8f78923c3c3e6a3a9b64d4538a70367284d838e4311b84aea1665cd89169dd9c66d4

Download Submit
C:\Users\Admin\Desktop\ExitPush.aif
Filesize
305KB

MD5
4c318a773310198c3706cb9a933c21f0

SHA1
11e9ff4f65f07be26624f40b9cbcda67bb46723f

SHA256
fd8adc7a2fdf783c78433500669ef9a1eadf764ccaaa750af0af48f9c542ad25

SHA512
f6b485d8843dc824270d59d225724e7275972a1680cf44aadde9a3cf4bd9cdd7b004a77918c47448168c65dcf1ff3112a1a19e09560b9f65fc27d349287ec9fb

Download Submit
C:\Users\Admin\Desktop\ExportRead.dot
Filesize
203KB

MD5
299287dcbc83f40b2eaa7581b4fa2d66

SHA1
699106a661d21fd7cd506edc3b9d50e9fb47992e

SHA256
9c4d2dcda740bd929ec71e5d15b4fecb785769b53af1d57416a9734384227217

SHA512
da41e51e0f0ef53d53de2fb4a57cc63c393243bb27c8377c4f9b13d4a5357177e682953182b2be4f5a385cd29c0a65e4230924ff678f84fcb14b8ac8631f168c

Download Submit
C:\Users\Admin\Desktop\FindUnblock.dotm
Filesize
125KB

MD5
fc6a3aecccac59240b2ecc26ac27047a

SHA1
bae190bc2f83cd2124182fd8188bbab4e894b139

SHA256
2bad43c833ddea26048f568b29a5c0be27ae0a3b8e59892964bfbdd0552b2ba4

SHA512
eb41c4b53b4e467cad729613d81d754b4c6b8bab63d0a8d8cb0152970037ef382b76840091a5e0eca69d6766dbbc1d54fe5d21141d8f66edbd12089e2706fc4c

Download Submit
C:\Users\Admin\Desktop\FormatStart.clr
Filesize
235KB

MD5
cd1073a6d481fc179eee56a7b5ec07b3

SHA1
3d781bfd725edb7ab4922367a463f56c2fc5eb9c

SHA256
1bca94cd758fa80c017bfc3b8c04c5afa1ef7a31730b968224a48ac148782704

SHA512
1a615abe8b25f5b1ca643cdad188d5a7180a756adb52349ad6dc0ca05ffa3fa6f0da7b0b593e1d417d81cbcf673434fd2718c2a369cef2d52cf3e39ea9e90844

Download Submit
C:\Windows\Installer\6db2ad.msi
Filesize
81.0MB

MD5
1794aaa17d114a315a95473c9780fc8b

SHA1
7f250c022b916b88e22254985e7552bc3ac8db04

SHA256
7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4

SHA512
fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516

Download Submit
C:\Windows\Installer\MSIBB79.tmp
Filesize
757KB

MD5
62cfeb86f117ad91b8bb52f1dda6f473

SHA1
c753b488938b3e08f7f47df209359c7b78764448

SHA256
f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e

SHA512
c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e

Download Submit
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102438201972.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102443971548.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102447252188.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102477202696.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2304050102515112084.dll
Filesize
4.6MB

MD5
bac04c920c1505e39636c6d473721292

SHA1
f45d06f54dc4f1dd2256bbe23843be4952aca2ab

SHA256
98c6a36fc123eabe83b724f3b41735a55784ddec0173739c50124e4d7e9d22f0

SHA512
8d2a6f0354aa1557e5ccec3adb9eab59237606c29b92883cfdf106a2f924ebfba06bed6cd65b64462465ad2f11c329ed06fe36b640905bd86427c023f50c4771

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
9597a91c491d87dfb8209de6b878fe8b

SHA1
da77262030402d701d697c65c7d60d70ff8af4be

SHA256
81fdafeef0c0e4c41a687b3072a86efc96a7d5df4c015d66ba2016e065544208

SHA512
b76480193c755e6d83ec7c257d3efe6800fb8f84169ca61096941aa5fa660218e0239e083fdbb9a1e49a0e0d317236c34de1232d827ec8e740d860bf46e9fcb6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
0c472e18c1edebcc8d7a9ba6e7072adb

SHA1
97f3f599d54e964fea36aaf71a31e687fb408d1a

SHA256
3045e1cc5e58b4cfe6183c3dfd73b5f754560f23dc065b7e1d18424836ae283d

SHA512
9f74ccbb5ea090b162024fd989aa6e44f9a5d9b6330ad114f138607419a6136bd15d3ff0958bb1ea8db1b9be25c0e643dc6889c5c9c934ff871223203921140e

Download Submit
memory/904-392-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-475-0x00000000030E0000-0x00000000030F0000-memory.dmp

Filesize
64KB

Download
memory/904-206-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-366-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-367-0x00000000005F0000-0x00000000005F3000-memory.dmp

Filesize
12KB

Download
memory/904-368-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-369-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-391-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-1602-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-1601-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-1413-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-1414-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-797-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-1439-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-1440-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-1441-0x00000000030E0000-0x00000000030F0000-memory.dmp

Filesize
64KB

Download
memory/904-393-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-394-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-395-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-427-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/904-428-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/904-489-0x0000000000E00000-0x00000000011E8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-479-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-481-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-480-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-1442-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-476-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1464-1443-0x0000000002EC0000-0x00000000032A8000-memory.dmp

Filesize
3.9MB

Download
memory/1548-922-0x0000000001050000-0x0000000001588000-memory.dmp

Filesize
5.2MB

Download
memory/1916-586-0x0000000005750000-0x0000000005C88000-memory.dmp

Filesize
5.2MB

Download
memory/1916-488-0x0000000000900000-0x0000000000CE8000-memory.dmp

Filesize
3.9MB

Download
memory/1916-1501-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1916-920-0x0000000000900000-0x0000000000CE8000-memory.dmp

Filesize
3.9MB

Download
memory/1916-587-0x0000000005750000-0x0000000005C88000-memory.dmp

Filesize
5.2MB

Download
memory/1916-593-0x0000000005750000-0x0000000005C88000-memory.dmp

Filesize
5.2MB

Download
memory/1916-1927-0x0000000000900000-0x0000000000CE8000-memory.dmp

Filesize
3.9MB

Download
memory/1916-585-0x0000000002570000-0x0000000002580000-memory.dmp

Filesize
64KB

Download
memory/1972-921-0x0000000002A90000-0x0000000002FC8000-memory.dmp

Filesize
5.2MB

Download
memory/1972-1557-0x0000000002A90000-0x0000000002FC8000-memory.dmp

Filesize
5.2MB

Download
memory/1972-594-0x0000000001050000-0x0000000001588000-memory.dmp

Filesize
5.2MB

Download
memory/1972-1030-0x0000000003E30000-0x0000000004368000-memory.dmp

Filesize
5.2MB

Download
memory/1972-1569-0x0000000003E30000-0x0000000004368000-memory.dmp

Filesize
5.2MB

Download
memory/1972-924-0x00000000039D0000-0x0000000003F08000-memory.dmp

Filesize
5.2MB

Download
memory/2044-390-0x0000000002DA0000-0x0000000003188000-memory.dmp

Filesize
3.9MB

Download
memory/2044-145-0x0000000002DA0000-0x0000000003188000-memory.dmp

Filesize
3.9MB

Download
memory/2044-132-0x0000000002DA0000-0x0000000003188000-memory.dmp

Filesize
3.9MB

Download
memory/2044-59-0x0000000002DA0000-0x0000000003188000-memory.dmp

Filesize
3.9MB

Download
memory/2084-1412-0x0000000001050000-0x0000000001588000-memory.dmp

Filesize
5.2MB

Download
memory/2188-748-0x0000000000C50000-0x0000000001188000-memory.dmp

Filesize
5.2MB

Download
memory/2696-1411-0x0000000002990000-0x0000000002EC8000-memory.dmp

Filesize
5.2MB

Download
memory/2696-1135-0x0000000001050000-0x0000000001588000-memory.dmp

Filesize
5.2MB

Download
memory/2696-1614-0x0000000002990000-0x0000000002EC8000-memory.dmp

Filesize
5.2MB

Download