845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac

Analysis

max time kernel
139s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
11-04-2023 01:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.879-Installer-1.1.0.exe
Size

22.6MB
MD5

601b94e3b018e39e0da90881fe89156d
SHA1

dc5340d6e1cb98c6ae2fa6882a4c7284e990705b
SHA256

845b0953c143daf9382b38c8ac7faeef62d5298bb0191f1be60865f78a942bac
SHA512

493c283aa3e201501843e59d593d82b3c98d2628639c95c977c9f22c268d89f7b072907d7b5d244fb7f122348277a97f7d68ce0ebdb36d7fc479c5f3c5bd33db
SSDEEP

393216:+Xj4yibrRbGPfs/dQETVlOBbpFEjdGphRqV56Hpkf+V4scTKAjENq+:+zCrRsHExi73qqHpg+Vvc+AmX

Score

7^/10

discovery upx

Malware Config

Signatures

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-2.879-Installer-1.1.0.exeirsetup.exeBrowserInstaller.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	TLauncher-2.879-Installer-1.1.0.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	BrowserInstaller.exe

Executes dropped EXE 2 IoCs

Processes:

irsetup.exeBrowserInstaller.exe

pid process

5108 irsetup.exe
4228 BrowserInstaller.exe
Loads dropped DLL 3 IoCs

Processes:

irsetup.exe

pid process

5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe

pid	process
5108	irsetup.exe
4228	BrowserInstaller.exe

pid	process
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe

UPX packed file 27 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/5108-146-0x0000000000010000-0x00000000003F8000-memory.dmp	upx
behavioral2/memory/5108-461-0x0000000000010000-0x00000000003F8000-memory.dmp	upx
behavioral2/memory/5108-469-0x0000000000010000-0x00000000003F8000-memory.dmp	upx
behavioral2/memory/5108-485-0x0000000000010000-0x00000000003F8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral2/memory/4876-547-0x0000000000840000-0x0000000000C28000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5108-568-0x0000000000010000-0x00000000003F8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/4880-574-0x0000000000E50000-0x0000000001388000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
behavioral2/memory/1836-588-0x0000000000E50000-0x0000000001388000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
behavioral2/memory/1936-594-0x0000000000B50000-0x0000000001088000-memory.dmp	upx
behavioral2/memory/1936-595-0x0000000000B50000-0x0000000001088000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5084-611-0x0000000000E50000-0x0000000001388000-memory.dmp	upx
behavioral2/memory/4556-626-0x0000000000E50000-0x0000000001388000-memory.dmp	upx
behavioral2/memory/4876-640-0x0000000000840000-0x0000000000C28000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

irsetup.exeBrowserInstaller.exe

pid process

5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe
5108 irsetup.exe
4228 BrowserInstaller.exe

pid	process
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe
5108	irsetup.exe
4228	BrowserInstaller.exe

Suspicious use of WriteProcessMemory 6 IoCs

Processes:

TLauncher-2.879-Installer-1.1.0.exeirsetup.exe

description	pid	process	target process
PID 4588 wrote to memory of 5108	4588	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 4588 wrote to memory of 5108	4588	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 4588 wrote to memory of 5108	4588	TLauncher-2.879-Installer-1.1.0.exe	irsetup.exe
PID 5108 wrote to memory of 4228	5108	irsetup.exe	BrowserInstaller.exe
PID 5108 wrote to memory of 4228	5108	irsetup.exe	BrowserInstaller.exe
PID 5108 wrote to memory of 4228	5108	irsetup.exe	BrowserInstaller.exe

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4588

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.879-Installer-1.1.0.exe" "__IRCT:3" "__IRTSS:23652861" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5108

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
3⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4228

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1841947" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
4⤵
PID:4876

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
5⤵
PID:4880

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.63 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f1f33e0,0x6f1f33f0,0x6f1f33fc
6⤵
PID:1836

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
6⤵
PID:1936

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4880 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230411013653" --session-guid=a8eb834f-9d19-4200-aab9-7a11cf14f7fe --server-tracking-blob="NTJlZjU5NTM4NTAwNjcxYzQ0MzNkYTAxZTFhNTE0ZmMwOWJmY2UxZDllMmQxMjA0YWU3MDU0ZjJhYjQ2ZDI4Yjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY4MTE3NzAxMC43MzU4IiwidXNlcmFnZW50IjoiU2V0dXAgRmFjdG9yeSA5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYURlc2t0b3AiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJNU1RMIn0sInV1aWQiOiI2NGFiZmNmYS0yOTEwLTQ1YTAtYTdmYy04YThlMDkzN2E5MmEifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=F005000000000000
6⤵
PID:5084

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=97.0.4719.63 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e6d33e0,0x6e6d33f0,0x6e6d33fc
7⤵
PID:4556

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
33044ed2d3e848a5a070f671fe3ed479

SHA1
7987ebb8f3ddc386632483f84dacccfd3d016ac0

SHA256
03fcff749867a6b3e543dfa043c4550f7b59f98318bbebcc5309e154a025517f

SHA512
fb733de38a212e58c7a4a6b76b0eaeb37a5ca94f4bbe04ece552ac43b03cc70e73427820bad850997d2f24e3a1a935c962433e5b7e61a7f84aa1db905b227722

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
4e14d8121f228ae331bde624e7b5a77f

SHA1
2fe73959507f264450bc4be1289d7a7c034c2eea

SHA256
e8287cc0cfc9984cd70a0293a9832dadfe974d2071e35507cc6f877d6db7c3a3

SHA512
f2a90af543732816a34e2755122ddbef7fedea938c36058de790bf435bcb6c2967fd6a536adeee4bb84b80b98203e6eede03065b35b2c9f8b71d6c44923fb118

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136497194880.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136508591836.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136508591836.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136517341936.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136540315084.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2304110136545634556.dll
Filesize
4.6MB

MD5
4fa000d2daf4a9a8b30a36de57343e8b

SHA1
4865161c5ec70cce04079a6cbf08795e05bacbf1

SHA256
50df18de18d3cdd5cc21f8fc0dbabbe5a60690027b82af25806f679f492065de

SHA512
a52620ab7ae4e8a6c7379790fc70c5cc611a06432b83ded0a7ea476a647098fcb18797b42ed98293c3e9dd955d784819638597e3b1b419f54eeb9a0084b625ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
Filesize
1.8MB

MD5
8d26aecef0a7bdac2b104454d3ba1a87

SHA1
50c29c58dfece62d94ed01cb5b3d070e593dc9cf

SHA256
e6c069c08e356b05465edb5aa9437e8af82c3cc8367d143d3ba6a8790f99490c

SHA512
0daa8bc75d9a067c3f9c46e4fda2aa4811083a06fc0dac74b45dfcdce60623066dac0189538d48128e55850ba20da12ab5f2f748dfbb9a6ec546802a61065475

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
a45137507477ea159a4c0481fadbdde8

SHA1
772e535525cd41abb781167334f923f1127f6d24

SHA256
fcc6693f94f87dbb9f03bd664f029db87257c79ac9a974d2caadc790f20ea67a

SHA512
393a8d9387b388524fbf7bc8387d521c830e7d384aabe278251cb4fa1291d32e2875c464a01f93670259bc2009d69507b632a692d43244f3eb7551414c9d635a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
01e097a324673878a3cb5e8e0f3cf152

SHA1
35ef5c438eca9672c7ee19bcde3952f83dc77928

SHA256
d8d0719a20d267a73d298d2ec1fbc050fe2ce25447c7441058ea3966acfbbb22

SHA512
e873763e96b3a52fe73f3fc9b3bcfd764c807c0206b5984d5f7dddd7debec4e6f0b6705ca6a7c6379b83c2fea792d7a16880ea109469ac1af41cc7bdb5f96e27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
d88e18e2a020a756a8de999b76e7b1fd

SHA1
150f801600b9427039197847aaac784f8ba15258

SHA256
38b8f2202a5e48a8f528708922f504379896ef52b3882ce82efc3481c51804bb

SHA512
d048a569d155aa4636f25ed2963fd5e2234643735ad461df3ad3201cbe152b646c2893557a236fa9683aa3cb07351fa79b9e5788f631442e5142cab0bc98654a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG45.PNG
Filesize
438B

MD5
87221bf8c9222a1489e949e4266a2980

SHA1
60c9d850f696e56b53dc3f940f52463d228febf2

SHA256
8d6e1d814dd38525115ee5d77e2d2ae6df8be31562a3c6805012097d6625efc4

SHA512
fa7ba5edb212a0ad70de123b1eabebd8d4cf5e2e3f59841330923c91d6ce6d8a0bbbf0176a8215a183ea860ae5286a4205b73f70df4d032cfd6c03109d1e433c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
f8da4bc14cb40b7ff8cd2c798ca0f7b9

SHA1
1264c77f79f7a328d60dfd752e721a463fc3e247

SHA256
3050ebf56103a20f9a9466f5371561cf62d4ed3b152f7b86f86d2910f20f5be1

SHA512
0a85a6b25687e3847da34bfa360d0d01ffbd1518a26d097d16cffee00f975a9a9223c6107d270b1b70b32be3b2a6e47b2311b9ef7570dc64692837068a786d96

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Filesize
114KB

MD5
bd5626a0237933e0f1dccf10e7c9fbd6

SHA1
10c47d382d4f44d8d44efaa203501749e42c6d50

SHA256
7dfc1176d8a507135140b23a0c014093b7e2673f0f3e5727c3d85df4e7323762

SHA512
1fd864a5386580cf8bbafbacb12a043ef51948b729b9aedfe6dc81e6c2948a100526c7c600069f22454d550f7f736ad3045a930cc2ef97458dc1d6c782928087

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
018c68cdf5ba005b4a380c20b13fee4c

SHA1
bf6043fbd31288e8667fcfc37cd74414bee1805f

SHA256
3c7e2319176b70bed0460000d772da9d4cfeb8d2b06dfd913905f15e65942923

SHA512
506c062854f64c4f0d74e2fe709cbaa60a1d2fef0ca7c226fed264be1843e3d329ee542290288335e337c10d266e487c552836d6cae1919ab035f945afa87ed6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
ddd64b4149cb8cd60e0eab84f63afdf4

SHA1
d80a87b80f79c0a0f81ce5f54f132fee7f4d60f6

SHA256
6abaf09ceaa0c2f06c71fbb07aca59e85b03322e7d1dc9a114b24da98dc930b5

SHA512
7e940356e2b4a203df5f3153e85e4f001a472d4146db197305fe4010ecb0348912ddc7b78ece4d1d273be1ecfb914dd3e35dd45de459991c45c504ff93dee366

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
Filesize
635B

MD5
4bffacf53801891206eb27e5039e6952

SHA1
6c2df03ec013059e1d7b9ef252222a7a46bdea23

SHA256
83b0883cf127419dd654debd082cf19ec22820f6467f9ddf89eb7c6b8ce74cd1

SHA512
859acf9f05435c2daba7e4876ccc3da06dd38ce17c2aaf99537691966a4081867fed4fb3546473130e1fca3c87a5bf69ba3a992233f674ba085b3d7a33e7f2d4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
cc0a4f738602a61bd8f708e6b7dc63e6

SHA1
838a52c75b6d138f7d361eca8b633425115e99d7

SHA256
aec8d6423aab0dcbdcc49321150ed72d799e9b9006df8dfd8b1eb98187b3a53b

SHA512
b7b8ad3c9e123f1f7f20e6ed65e35bdc9100337af2e94a54b39516223ba9f41e394b161fbd6631323fbe5b1aca6615a1077c4b3a093e1a61c84d8918df2d43fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
cc0a4f738602a61bd8f708e6b7dc63e6

SHA1
838a52c75b6d138f7d361eca8b633425115e99d7

SHA256
aec8d6423aab0dcbdcc49321150ed72d799e9b9006df8dfd8b1eb98187b3a53b

SHA512
b7b8ad3c9e123f1f7f20e6ed65e35bdc9100337af2e94a54b39516223ba9f41e394b161fbd6631323fbe5b1aca6615a1077c4b3a093e1a61c84d8918df2d43fd

Download Submit
memory/1836-588-0x0000000000E50000-0x0000000001388000-memory.dmp

Filesize
5.2MB

Download
memory/1936-594-0x0000000000B50000-0x0000000001088000-memory.dmp

Filesize
5.2MB

Download
memory/1936-595-0x0000000000B50000-0x0000000001088000-memory.dmp

Filesize
5.2MB

Download
memory/4556-626-0x0000000000E50000-0x0000000001388000-memory.dmp

Filesize
5.2MB

Download
memory/4876-640-0x0000000000840000-0x0000000000C28000-memory.dmp

Filesize
3.9MB

Download
memory/4876-547-0x0000000000840000-0x0000000000C28000-memory.dmp

Filesize
3.9MB

Download
memory/4880-574-0x0000000000E50000-0x0000000001388000-memory.dmp

Filesize
5.2MB

Download
memory/5084-611-0x0000000000E50000-0x0000000001388000-memory.dmp

Filesize
5.2MB

Download
memory/5108-462-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5108-461-0x0000000000010000-0x00000000003F8000-memory.dmp

Filesize
3.9MB

Download
memory/5108-441-0x0000000006890000-0x0000000006893000-memory.dmp

Filesize
12KB

Download
memory/5108-440-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5108-469-0x0000000000010000-0x00000000003F8000-memory.dmp

Filesize
3.9MB

Download
memory/5108-146-0x0000000000010000-0x00000000003F8000-memory.dmp

Filesize
3.9MB

Download
memory/5108-485-0x0000000000010000-0x00000000003F8000-memory.dmp

Filesize
3.9MB

Download
memory/5108-486-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5108-568-0x0000000000010000-0x00000000003F8000-memory.dmp

Filesize
3.9MB

Download
memory/5108-569-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download