6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30

Analysis

max time kernel
147s
max time network
153s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
11/10/2023, 13:57

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Size

2.8MB
MD5

4673b4d2b32efba511aa7dc9be2e5b72
SHA1

9a7cbe8ef94e3570655a194d3902f80417978089
SHA256

6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30
SHA512

eac4dd42ca47bf2215f0a5ed95cec76567474572f314c0313779790d68e313cc5ea3db8fe9b9eb49ac837f3d3277c8de16182f40701689fa9bca6edb22c79c2c
SSDEEP

49152:2+wK8GHrzRfcqwDTfh+a9PUnYnqXf/z25ee0JKqSS3jFzWo/Gu8gc4vV:RwrGHip8nfzyeJaipzW88gLvV

Score

8^/10

spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1060	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
1252	Assistant_103.0.4928.25_Setup.exe_sfx.exe
1740	assistant_installer.exe
4524	assistant_installer.exe

Loads dropped DLL 7 IoCs

pid	Process
2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
3656	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
1060	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
1740	assistant_installer.exe
1740	assistant_installer.exe
4524	assistant_installer.exe
4524	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/memory/2532-0-0x00000000003A0000-0x00000000008D5000-memory.dmp	upx
behavioral2/memory/3656-4-0x00000000003A0000-0x00000000008D5000-memory.dmp	upx
behavioral2/files/0x00070000000231f0-13.dat	upx
behavioral2/memory/1060-17-0x00000000009A0000-0x0000000000ED5000-memory.dmp	upx
behavioral2/memory/1060-19-0x00000000009A0000-0x0000000000ED5000-memory.dmp	upx
behavioral2/memory/2532-27-0x00000000003A0000-0x00000000008D5000-memory.dmp	upx
behavioral2/memory/3656-29-0x00000000003A0000-0x00000000008D5000-memory.dmp	upx

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
File opened (read-only)	\??\D:	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe

Suspicious use of WriteProcessMemory 15 IoCs

description	pid	Process	procid_target
PID 2532 wrote to memory of 3656	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	86
PID 2532 wrote to memory of 3656	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	86
PID 2532 wrote to memory of 3656	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	86
PID 2532 wrote to memory of 1060	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	87
PID 2532 wrote to memory of 1060	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	87
PID 2532 wrote to memory of 1060	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	87
PID 2532 wrote to memory of 1252	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	96
PID 2532 wrote to memory of 1252	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	96
PID 2532 wrote to memory of 1252	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	96
PID 2532 wrote to memory of 1740	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	97
PID 2532 wrote to memory of 1740	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	97
PID 2532 wrote to memory of 1740	2532	6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe	97
PID 1740 wrote to memory of 4524	1740	assistant_installer.exe	98
PID 1740 wrote to memory of 4524	1740	assistant_installer.exe	98
PID 1740 wrote to memory of 4524	1740	assistant_installer.exe	98

C:\Users\Admin\AppData\Local\Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
"C:\Users\Admin\AppData\Local\Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2532
- C:\Users\Admin\AppData\Local\Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
  C:\Users\Admin\AppData\Local\Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=102.0.4880.56 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x74f13578,0x74f13588,0x74f13594
  2⤵
  - Loads dropped DLL
  PID:3656
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1060
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  PID:1252
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:1740
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=103.0.4928.25 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0xc71588,0xc71598,0xc715a4
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:4524

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30.exe

Filesize
2.8MB

MD5
4673b4d2b32efba511aa7dc9be2e5b72

SHA1
9a7cbe8ef94e3570655a194d3902f80417978089

SHA256
6907943ea4af3beea1a4632bc1153c38bd42014736d8ca433ca63b719effdb30

SHA512
eac4dd42ca47bf2215f0a5ed95cec76567474572f314c0313779790d68e313cc5ea3db8fe9b9eb49ac837f3d3277c8de16182f40701689fa9bca6edb22c79c2c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\additional_file0.tmp

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\Assistant_103.0.4928.25_Setup.exe_sfx.exe

Filesize
1.9MB

MD5
b0f128c3579e6921cfff620179fb9864

SHA1
60e19c987a96182206994ffd509d2849fdb427e3

SHA256
1c3ddbdd3a8cc2e66a5f4c4db388dff028cd437d42f8982ddf7695cf38a1a9ee

SHA512
17977d85cbdbd4217098850d7eaff0a51e34d641648ec29e843fc299668d8127e367622c82b2a9ceab364099da8c707c8b4aa039e747102d7c950447a5d29212

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
34afbc4605531efdbe6f6ce57f567c0a

SHA1
6cb65f3565e40e7d08f5a0ad37b1b9182b4fc81b

SHA256
0441668bc7daf97c16734a8a95eb29de9fd2f4bec368f4d009e5437862249019

SHA512
577fe412d9b20055cf2f67e029a6829301d6b010cc03d2cf8ce89b87c213530dc4d396a27b92f56ed8260afd59d6fbd8cf841e807460f0a0bad4ad1df5b7c25c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
34afbc4605531efdbe6f6ce57f567c0a

SHA1
6cb65f3565e40e7d08f5a0ad37b1b9182b4fc81b

SHA256
0441668bc7daf97c16734a8a95eb29de9fd2f4bec368f4d009e5437862249019

SHA512
577fe412d9b20055cf2f67e029a6829301d6b010cc03d2cf8ce89b87c213530dc4d396a27b92f56ed8260afd59d6fbd8cf841e807460f0a0bad4ad1df5b7c25c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbgcore.DLL

Filesize
166KB

MD5
5a6cd2117967ec78e7195b6ee10fc4da

SHA1
72d929eeb50dd58861a1d4cf13902c0b89fadc34

SHA256
a013652c95eca80356040312390d09ed78458fca6a0aef5ce3203dfe9cbc5040

SHA512
07aa64e6c681360c6c6c504041bd97f54dbf0aad8e498281dc8f8bdec2de4fc1c1bed9d0c4d3b6f4a4be19c408f7d34ff1c4a13db36488f698e3ae11855b895c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbgcore.dll

Filesize
166KB

MD5
5a6cd2117967ec78e7195b6ee10fc4da

SHA1
72d929eeb50dd58861a1d4cf13902c0b89fadc34

SHA256
a013652c95eca80356040312390d09ed78458fca6a0aef5ce3203dfe9cbc5040

SHA512
07aa64e6c681360c6c6c504041bd97f54dbf0aad8e498281dc8f8bdec2de4fc1c1bed9d0c4d3b6f4a4be19c408f7d34ff1c4a13db36488f698e3ae11855b895c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbgcore.dll

Filesize
166KB

MD5
5a6cd2117967ec78e7195b6ee10fc4da

SHA1
72d929eeb50dd58861a1d4cf13902c0b89fadc34

SHA256
a013652c95eca80356040312390d09ed78458fca6a0aef5ce3203dfe9cbc5040

SHA512
07aa64e6c681360c6c6c504041bd97f54dbf0aad8e498281dc8f8bdec2de4fc1c1bed9d0c4d3b6f4a4be19c408f7d34ff1c4a13db36488f698e3ae11855b895c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbghelp.dll

Filesize
1.7MB

MD5
861a07bcf2a5cb0dda1aaf6dfcb57b26

SHA1
a0bdbbc398583a7cfdd88624c9ac2da1764e0826

SHA256
7878be3359a3ecfcf94f961bcdce3e6e8bc01a55eba640d45b867b94f30fcdbc

SHA512
062159168817968f1165cb06299217a556c4e6b00ef7c740f845fdcbbaca77da346ef5fd7403c6f9d81e173a2fcf40c63da57cb884158f8c037c0df0ce1cc5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbghelp.dll

Filesize
1.7MB

MD5
861a07bcf2a5cb0dda1aaf6dfcb57b26

SHA1
a0bdbbc398583a7cfdd88624c9ac2da1764e0826

SHA256
7878be3359a3ecfcf94f961bcdce3e6e8bc01a55eba640d45b867b94f30fcdbc

SHA512
062159168817968f1165cb06299217a556c4e6b00ef7c740f845fdcbbaca77da346ef5fd7403c6f9d81e173a2fcf40c63da57cb884158f8c037c0df0ce1cc5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\assistant\dbghelp.dll

Filesize
1.7MB

MD5
861a07bcf2a5cb0dda1aaf6dfcb57b26

SHA1
a0bdbbc398583a7cfdd88624c9ac2da1764e0826

SHA256
7878be3359a3ecfcf94f961bcdce3e6e8bc01a55eba640d45b867b94f30fcdbc

SHA512
062159168817968f1165cb06299217a556c4e6b00ef7c740f845fdcbbaca77da346ef5fd7403c6f9d81e173a2fcf40c63da57cb884158f8c037c0df0ce1cc5b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202310120218571\opera_package

Filesize
94.5MB

MD5
c785c2774b5af04a95c0053764610704

SHA1
954ab1d56c79b5bfc40ef525220bc9a61c55a735

SHA256
ebaaf30ec84b56432060e83c0aca5421942019d428fb4f759f86f575d10911aa

SHA512
ab58c9cbd73585e67a90a875c854d05fa51c2a24956f96574962658ce6cd682489e78890c02f420bef0519f6e9606685f849adf028c9b06c86534021a2123052

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2310120218554612532.dll

Filesize
4.6MB

MD5
6aceaeba686345df2e1f3284cc090abe

SHA1
5cc8eb87a170c5bc91472cd6cc6d435370ae741b

SHA256
73e29a88eccb162b70b366b9c91986b7bf5ce90b9072eaa88f146fb06e8d8885

SHA512
8448a64feaed4bb1af04c9a34d92c5ecfbf7da3c4cb2a1f23ccc024cfd53da8a18a6bdb45c8c337f212c23e0f1b25da44118e9b41774d7aa74b6e0a64f944d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2310120218562743656.dll

Filesize
4.6MB

MD5
6aceaeba686345df2e1f3284cc090abe

SHA1
5cc8eb87a170c5bc91472cd6cc6d435370ae741b

SHA256
73e29a88eccb162b70b366b9c91986b7bf5ce90b9072eaa88f146fb06e8d8885

SHA512
8448a64feaed4bb1af04c9a34d92c5ecfbf7da3c4cb2a1f23ccc024cfd53da8a18a6bdb45c8c337f212c23e0f1b25da44118e9b41774d7aa74b6e0a64f944d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2310120218568211060.dll

Filesize
4.6MB

MD5
6aceaeba686345df2e1f3284cc090abe

SHA1
5cc8eb87a170c5bc91472cd6cc6d435370ae741b

SHA256
73e29a88eccb162b70b366b9c91986b7bf5ce90b9072eaa88f146fb06e8d8885

SHA512
8448a64feaed4bb1af04c9a34d92c5ecfbf7da3c4cb2a1f23ccc024cfd53da8a18a6bdb45c8c337f212c23e0f1b25da44118e9b41774d7aa74b6e0a64f944d69

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2310120218568211060.dll

Filesize
4.6MB

MD5
6aceaeba686345df2e1f3284cc090abe

SHA1
5cc8eb87a170c5bc91472cd6cc6d435370ae741b

SHA256
73e29a88eccb162b70b366b9c91986b7bf5ce90b9072eaa88f146fb06e8d8885

SHA512
8448a64feaed4bb1af04c9a34d92c5ecfbf7da3c4cb2a1f23ccc024cfd53da8a18a6bdb45c8c337f212c23e0f1b25da44118e9b41774d7aa74b6e0a64f944d69

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
7704c0e8d1cc9b0f7ce6ccda72632aa3

SHA1
5ff4e44a9c2ba106bafae5389ed07471c7aaff3b

SHA256
5b647f1777d1436250aa6093854cd70b95d53de6e06698d78ce5cf017731fce4

SHA512
757197bf7e7249c071cc0e3d01f2ca29d5e9ce24685725c0e9cbe0545e16bc67077d67aef415eab166ca709a5a6d9f6370e09052c9b32095afa23edc8d24540b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
7704c0e8d1cc9b0f7ce6ccda72632aa3

SHA1
5ff4e44a9c2ba106bafae5389ed07471c7aaff3b

SHA256
5b647f1777d1436250aa6093854cd70b95d53de6e06698d78ce5cf017731fce4

SHA512
757197bf7e7249c071cc0e3d01f2ca29d5e9ce24685725c0e9cbe0545e16bc67077d67aef415eab166ca709a5a6d9f6370e09052c9b32095afa23edc8d24540b

Download Submit
memory/1060-17-0x00000000009A0000-0x0000000000ED5000-memory.dmp

Filesize
5.2MB

Download
memory/1060-19-0x00000000009A0000-0x0000000000ED5000-memory.dmp

Filesize
5.2MB

Download
memory/2532-0-0x00000000003A0000-0x00000000008D5000-memory.dmp

Filesize
5.2MB

Download
memory/2532-27-0x00000000003A0000-0x00000000008D5000-memory.dmp

Filesize
5.2MB

Download
memory/3656-4-0x00000000003A0000-0x00000000008D5000-memory.dmp

Filesize
5.2MB

Download
memory/3656-29-0x00000000003A0000-0x00000000008D5000-memory.dmp

Filesize
5.2MB

Download