33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763

General

Target

33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe
Size

2.0MB
MD5

5d1996a8f9b5d1ca4e0677a41f3871af
SHA1

0b94f2dafedab762e17ad38ea8fa8498b46390e1
SHA256

33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763
SHA512

3a554727d43c44680259b13946c726ea19e00e01bc2dd1da364d04ffdad9ca4cd7fafb2c1f7f9f231ac1e952b254e33aa89431c1199e64fdfa5dd8eda30268c5
SSDEEP

49152:DVAbwuGwKOco09gsJcxlV8fTguPOAItUIrhO5Ov:pApQx5+Mc27g9tfoMv

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 6 IoCs

pid	Process
2908	setup.exe
2696	setup.exe
2676	setup.exe
1560	Assistant_112.0.5197.30_Setup.exe_sfx.exe
1348	assistant_installer.exe
868	assistant_installer.exe

Loads dropped DLL 7 IoCs

pid	Process
2908	setup.exe
2696	setup.exe
2676	setup.exe
1348	assistant_installer.exe
1348	assistant_installer.exe
868	assistant_installer.exe
868	assistant_installer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_112.0.5197.30_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e75490f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e4190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c000000010000000400000000100000190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e199604000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
2908	setup.exe

Suspicious use of WriteProcessMemory 18 IoCs

description	pid	Process	procid_target
PID 1108 wrote to memory of 2908	1108	33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe	91
PID 1108 wrote to memory of 2908	1108	33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe	91
PID 1108 wrote to memory of 2908	1108	33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe	91
PID 2908 wrote to memory of 2696	2908	setup.exe	94
PID 2908 wrote to memory of 2696	2908	setup.exe	94
PID 2908 wrote to memory of 2696	2908	setup.exe	94
PID 2908 wrote to memory of 2676	2908	setup.exe	96
PID 2908 wrote to memory of 2676	2908	setup.exe	96
PID 2908 wrote to memory of 2676	2908	setup.exe	96
PID 2908 wrote to memory of 1560	2908	setup.exe	109
PID 2908 wrote to memory of 1560	2908	setup.exe	109
PID 2908 wrote to memory of 1560	2908	setup.exe	109
PID 2908 wrote to memory of 1348	2908	setup.exe	110
PID 2908 wrote to memory of 1348	2908	setup.exe	110
PID 2908 wrote to memory of 1348	2908	setup.exe	110
PID 1348 wrote to memory of 868	1348	assistant_installer.exe	111
PID 1348 wrote to memory of 868	1348	assistant_installer.exe	111
PID 1348 wrote to memory of 868	1348	assistant_installer.exe	111

C:\Users\Admin\AppData\Local\Temp\33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe
"C:\Users\Admin\AppData\Local\Temp\33865addf2f2d9c6a7272bc366348f60dc30329243a9dc8e07f46939e01bf763.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:1108
- C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2908
- - C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.53 --initial-client-data=0x32c,0x330,0x334,0x300,0x338,0x74d5a174,0x74d5a180,0x74d5a18c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2696
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2676
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\Assistant_112.0.5197.30_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:1560
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:1348
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=112.0.5197.30 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x918f40,0x918f4c,0x918f58
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4400,i,6510295916244954942,10164894160290787457,262144 --variations-seed-version --mojo-platform-channel-handle=4440 /prefetch:8
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

1

T1112

Subvert Trust Controls

1

T1553

Install Root Certificate

1

T1553.004

Credential Access

Unsecured Credentials

1

T1552

Credentials In Files

1

T1552.001

Discovery

Peripheral Device Discovery

Query Registry

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Data from Local System

1

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BKKBWXOR\Assistant_112.0.5197.30_Setup[1].exe

Filesize
2.6MB

MD5
1bf64fd766bd850bcf8e0ffa9093484b

SHA1
01524bb2c88b7066391da291ee474004a4904891

SHA256
58794b1bf4d84bd7566ee89fd8a8a4157dc70c598d229ec5101959f30b6f3491

SHA512
cdf2830edc5d4f30beae41591f3a1bcff820f75444d70338a4c6d36e10df43475f383a9f291b619a008452c53e0dddf65547f217386389000535d6d264854e7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
9afe96db501220cf42b262fdac954dc8

SHA1
d3471998f674b267256e72a30977a79abcd8fca9

SHA256
fc5608bf95bb02e889aa9be15abc5c066acd62ba07f886b323383e75909a2566

SHA512
ecff52ca7467e3948faa244c1fc7c3d4d1f1dbe74077d071b78147729a078cc6a676212e0606111edcf542d554045c4f5a4d502545b2f0a285cda6c5d0b69b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\dbgcore.dll

Filesize
166KB

MD5
e0274730d20eb9571d59f2da20d165a2

SHA1
b746aeca5f7cbee0de163309c9d207c94f9b8d64

SHA256
c5c4c6430bcfe6118a4f499c94afa460401e369dc548a24688532c95fd202ec5

SHA512
d95998b69e6c3d25037e12e038f2773960de2d18df1af0342fd805c7c349bd630a21d0e0fe7490baaf274e90781ebf6a2667e64593f9d91174d040bfe640bddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202408192331391\assistant\dbghelp.dll

Filesize
1.7MB

MD5
6e9976cc7b2def7a37106703e47626a5

SHA1
edcb4758f8ee56e9c6515f912d5024aeca9ead50

SHA256
fd8840fab4b61db4e9e09168e5b1b4f0e9bfea0a64482fd475ab63c712b92b9c

SHA512
27091e6ad001dac22897a295806925e02f693096d79667e587de74ca955ffb9b2773b22c83e306e7164862524e02ad028e68684c2ca7d9e4da1ff03787dd40ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS45499718\setup.exe

Filesize
5.2MB

MD5
44908c157516d82119d84a3b1c4a31f7

SHA1
dea19891d14b4e3598844f624c919b0dc5ce236f

SHA256
be21539218a31ff278f218a172b9972f4d8978a281387acdadf9a25b86e30b1a

SHA512
5a83d45533202ba573941d041619bd7f17e997f352f73528029d1f07da9a26c4f50f1cf77c822f972b596fa75bd2eeb0bca8170d89343d8b590ba869be058106

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408192331373012908.dll

Filesize
4.7MB

MD5
d7b7e0f7865a3cc624e95cefe2bc205c

SHA1
1352733bfaa54292d1457d3f7a87069c00a1f56f

SHA256
94028494f0c28a14f21179ef4096e0c52f1d022a5ad65b070f0d8584b500b597

SHA512
e5bced68446f702de4236a6f11ec005bc5233915ff689693a1894afe7ea924ca6d6d8ae722b12daa0ee0b4e35223606a55f13b34db648bfb24e96a76e834ff08

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
a8bbc0840cbab8fffc8171aa248b9067

SHA1
adcd260ead3af163409357699ce7f5a4e2f46fdd

SHA256
d6289e9a90f986740a76822603a4c49f1e237b20946cf16050dfe719b6d167f6

SHA512
90d88d555d66ba5ee129bc749777b7851892cf60df796e95b2ed12c9c113cba91f2000e85a47c90741c2c1494b16281b5251b11fc4a3b81e0d389bce24708c4c

Download Submit

Analysis

Sharing