Analysis Overview
SHA256
73ce5730dea408cc582c76d901d19df1fb8158a5309e0bd82a6f014bd749c896
Threat Level: Shows suspicious behavior
The file hjsplit-3.0-installer_RN-hkU1.exe was found to be: Shows suspicious behavior.
Malicious Activity Summary
Downloads MZ/PE file
Enumerates connected drives
Checks computer location settings
Loads dropped DLL
Executes dropped EXE
Enumerates physical storage devices
Program crash
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
Checks processor information in registry
Suspicious use of FindShellTrayWindow
Script User-Agent
Suspicious use of WriteProcessMemory
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V16
Analysis: static1
Detonation Overview
Reported
2025-07-04 12:12
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2025-07-04 12:12
Reported
2025-07-04 12:13
Platform
win10v2004-20250502-en
Max time kernel
15s
Max time network
30s
Command Line
Signatures
Downloads MZ/PE file
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
| File opened (read-only) | \??\F: | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-3951986358-4006919840-1009690842-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0_extract\OperaSetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\cigevpu3.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe | N/A |
Enumerates physical storage devices
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp |
Reads user/profile data of web browsers
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0_extract\OperaSetup.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\cigevpu3.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\hjsplit-3.0-installer_RN-hkU1.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
Script User-Agent
| Description | Indicator | Process | Target |
| HTTP User-Agent header | Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) | N/A | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\hjsplit-3.0-installer_RN-hkU1.exe
"C:\Users\Admin\AppData\Local\Temp\hjsplit-3.0-installer_RN-hkU1.exe"
C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp" /SL5="$501F8,872750,867840,C:\Users\Admin\AppData\Local\Temp\hjsplit-3.0-installer_RN-hkU1.exe"
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0_extract\OperaSetup.exe
"C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0_extract\OperaSetup.exe" --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe
"C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe" -ip:"dui=7a4d93d7-64f1-4cca-8000-ca415943782f&dit=20250704121321&is_silent=true&oc=ZB_RAV_Cross_Solo_Soft&p=fa70&a=100&b=" -i
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe --silent --allusers=0 --otd=utm.medium:apb,utm.source:ais,utm.campaign:opera_new_b --server-tracking-blob=ZjViNGRlYTFkZmM3YjBmOTczZmI3MjA1NjU3M2U2Y2E1NmY3M2QzZWRkMjUxODI5YzUxMmZlZmY2MTlkYTkzZDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cyIsInRpbWVzdGFtcCI6IjE3NTExOTQ4NDYuMTUwOSIsInVzZXJhZ2VudCI6InB5dGhvbi1yZXF1ZXN0cy8yLjMyLjMiLCJ1dG0iOnt9LCJ1dWlkIjoiYTU4ZDRjOTMtM2QzOC00ZGUxLWE1N2MtN2Q5YzBkZjdmMWUyIn0=
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=119.0.5497.141 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0x7ffd27f3a108,0x7ffd27f3a114,0x7ffd27f3a120
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\setup.exe" --version
C:\Users\Admin\AppData\Local\Temp\cigevpu3.exe
"C:\Users\Admin\AppData\Local\Temp\cigevpu3.exe" /silent
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe
"C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe" --backend --install --import-browser-data=0 --enable-crash-reporting=1 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --showunbox=0 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4708 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20250704121332" --session-guid=01ff45ec-b7e0-4c2d-8156-c5d00f5ad77f --server-tracking-blob="…" --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4005000000000000
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=119.0.5497.141 --initial-client-data=0x26c,0x270,0x274,0x23c,0x278,0x7ffd271da108,0x7ffd271da114,0x7ffd271da120
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\UnifiedStub-installer.exe
.\UnifiedStub-installer.exe /silent
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4872 -ip 4872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 908
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -i -bn:ReasonLabs -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -dt:10
C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe
"C:\Program Files\ReasonLabs\Common\rsSyncSvc.exe" -pn:EPP -lpn:rav_antivirus -url:https://update.reasonsecurity.com/v2/live -bn:ReasonLabs -dt:10
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 524 -p 4872 -ip 4872
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4872 -s 908
Network
Files
C:\Users\Admin\AppData\Local\Temp\is-C911K.tmp\hjsplit-3.0-installer_RN-hkU1.tmp
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\100.png
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\101.png
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0.zip
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component0_extract\OperaSetup.exe
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\component1.exe
C:\Users\Admin\AppData\Local\Temp\7zS0C6896D7\setup.exe
C:\Users\Admin\Downloads\hjsplit-3.0-installer.exe
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2507041213308344708.dll
C:\Users\Admin\AppData\Local\Temp\cigevpu3.exe
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
C:\Users\Admin\AppData\Local\Temp\is-S1TJT.tmp\Y.png
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\UnifiedStub-installer.exe
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\rsStubLib.dll
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\rsLogger.dll
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\Newtonsoft.Json.dll
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\Reason.PAC.dll
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\uninstall-epp.exe
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\Microsoft.Win32.TaskScheduler.dll
C:\Users\Admin\AppData\Local\Temp\7zS49DD71E7\rsSyncSvc.exe