Overview

overview

8

Static

static

TLauncher-....1.exe

windows7-x64

8

TLauncher-....1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    154s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    27-12-2022 20:10

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.86-Installer-1.0.1.exe

  • Size

    21.7MB

  • MD5

    f643be370cc9763a17f7746b1b6a0243

  • SHA1

    c65391f59a6e1421d783eaf43eb9661cfd476f82

  • SHA256

    5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

  • SHA512

    5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f

  • SSDEEP

    393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 44 IoCs
  • UPX packed file 42 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 5 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 18 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 34 IoCs
  • Suspicious use of FindShellTrayWindow 2 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:896
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1488
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1536
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1484
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1276
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x71508658,0x71508668,0x71508674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1512
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1416
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1276 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20221227211238" --session-guid=aeced896-de4e-42ce-a328-2f7a973868b2 --server-tracking-blob=OTI5ZDg3MGQwYjAwMDNjOWZiMDQ5Nzc5Mjc2OTUzYTM5NjAzYzg0Yzk4YThjODMyOWZmZDVmMTZiMjczZGYyYjp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzIxNzE5NDcuMDI0NiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiY2MxYjZiOWEtZGQ3My00YzJjLWI2NmEtM2Y4YzEyMTViMjc4In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C03000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1000
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70a78658,0x70a78668,0x70a78674
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1712
              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe" --backend --initial-pid=1276 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381" --session-guid=aeced896-de4e-42ce-a328-2f7a973868b2 --server-tracking-blob=OTI5ZDg3MGQwYjAwMDNjOWZiMDQ5Nzc5Mjc2OTUzYTM5NjAzYzg0Yzk4YThjODMyOWZmZDVmMTZiMjczZGYyYjp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzIxNzE5NDcuMDI0NiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiY2MxYjZiOWEtZGQ3My00YzJjLWI2NmEtM2Y4YzEyMTViMjc4In0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.38
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:1468
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef6702c98,0x7fef6702ca8,0x7fef6702cb8
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1632
                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Adds Run key to start application
                  • Modifies Internet Explorer settings
                  PID:1924
                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
                    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x15c2dc0,0x15c2dd0,0x15c2ddc
                    9⤵
                    • Executes dropped EXE
                    PID:980
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:836
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:932
                    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feef60a490,0x7feef60a4a0,0x7feef60a4b0
                      10⤵
                      • Executes dropped EXE
                      PID:2056
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1048 --field-trial-handle=1144,i,12640257774603682338,516031714899942141,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      PID:2324
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1376 --field-trial-handle=1144,i,12640257774603682338,516031714899942141,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      PID:2508
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:1580
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:608
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x15c2dc0,0x15c2dd0,0x15c2ddc
                7⤵
                • Executes dropped EXE
                PID:1600
  • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
    1⤵
    • Executes dropped EXE
    • Loads dropped DLL
    PID:1704
    • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xc52dc0,0xc52dd0,0xc52ddc
      2⤵
      • Executes dropped EXE
      PID:608
    • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      PID:808
      • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
        3⤵
        • Executes dropped EXE
        PID:472
      • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x150,0x154,0x158,0x124,0x15c,0x14323f8,0x1432408,0x1432414
        3⤵
        • Executes dropped EXE
        PID:1932
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
          4⤵
          • Executes dropped EXE
          PID:1576
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
          4⤵
          • Executes dropped EXE
          PID:1184
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
          4⤵
          • Executes dropped EXE
          PID:1572
      • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
        3⤵
        • Executes dropped EXE
        PID:1580
  • C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\unsecapp.exe -Embedding
    1⤵
      PID:424
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Adds Run key to start application
      • Enumerates system info in registry
      • Modifies system certificate store
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2608
      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feef60a490,0x7feef60a4a0,0x7feef60a4b0
        2⤵
        • Executes dropped EXE
        PID:2668
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        PID:2832
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1416 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2992
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1544 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:3004
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2092 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1292
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2104 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2380
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2128 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2476
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2152 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2272
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2140 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2648
      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
        2⤵
        • Executes dropped EXE
        PID:1052
        • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fef9b38,0x13fef9b48,0x13fef9b58
          3⤵
          • Executes dropped EXE
          PID:2044
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2236 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:1
        2⤵
          PID:2312
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2164 --field-trial-handle=1236,i,801202730881954598,7182808068874017560,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:2644
      • C:\Windows\system32\taskeng.exe
        taskeng.exe {A040674A-5D5E-4595-ADD3-B02B3B2134A9} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
        1⤵
          PID:1088
          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.38 --newautoupdaterlogic
            2⤵
            • Executes dropped EXE
            PID:1380
            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
              3⤵
              • Executes dropped EXE
              PID:1188

        Network

        MITRE ATT&CK Enterprise v6

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
          Filesize

          61KB

          MD5

          fc4666cbca561e864e7fdf883a9e6661

          SHA1

          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

          SHA256

          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

          SHA512

          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
          Filesize

          471B

          MD5

          3644127eb43499729c0f4e9cc43b9893

          SHA1

          678b8fd186a7529e87cfd16ac8416a5bd9618b57

          SHA256

          cf805d516e1dd8f2dcec66b01af1b1ae47b7c1175275b6ca0e6935842fa50f6a

          SHA512

          6c771c2c1f37979cd64c0a5576d730060940826d068cf5d284ee1a38d8257263116d3ab4254465f69d0759e99da007582d10272d526fd1e20af6b488622856ed

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d2a504944977d83386e79d7f163d3b3e

          SHA1

          7d79e7a4cdacdfd475189180e1f28b83c714e567

          SHA256

          24cae20cced5bac9c587dbb245893dd88d5837578493b924206ad8780314a6bf

          SHA512

          1f45826dcd5b35811799ad9b1d3a07a5226820bd628fb5d0a7b06aed5428926dcda41c7a9a89a330c412ae879fd68fe38b09c1a02e12c5edfd951e5272d8d043

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          d2a504944977d83386e79d7f163d3b3e

          SHA1

          7d79e7a4cdacdfd475189180e1f28b83c714e567

          SHA256

          24cae20cced5bac9c587dbb245893dd88d5837578493b924206ad8780314a6bf

          SHA512

          1f45826dcd5b35811799ad9b1d3a07a5226820bd628fb5d0a7b06aed5428926dcda41c7a9a89a330c412ae879fd68fe38b09c1a02e12c5edfd951e5272d8d043

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          2e3ca14e271b47fbf842f2cb9e15f29e

          SHA1

          ad8514e15969e6158c4ac0e6d29f1b55947da8bc

          SHA256

          937f9d35dbffe3982dd91f304f404a93192c68e6f550421ba6e6f882ff799bbe

          SHA512

          38ef520c8eabd42e9c0fc62c8660067dcc786638e8d88e2e8ce0f233b53e13446b67351ab1fdd7311ac5cf89187660f1fb12dbb8e40edac539d6f413135f89f5

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
          Filesize

          342B

          MD5

          051d6beabe8064715f31629ca0056f8d

          SHA1

          83d4f9860e64a9ea3f5a6d4cc5eb0f68fe806ad0

          SHA256

          82e345ff43e72896c6a741e98b8beee4acd617e3277d5b513182ef0d8fd2c872

          SHA512

          c89b599d8c62a4b40bf26d693b35d4f53247d57d6803426f858e3addba97c940c2315609aac0098efd13260badd4f97e2f8eac2f64be6b85836806fba09e28e8

          Download Submit

        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
          Filesize

          434B

          MD5

          731f0017bcab6661318ed5a1998e66fb

          SHA1

          b70d5fa15063afaa999c086edd57240ed3001647

          SHA256

          9042417aedccceded03129704fd3b720f61e135e02e219ccd07757ac5614b142

          SHA512

          ae1004b89b7b59e937520e5a416bac2352f0bc48c7be6b2f70e432ed47ff72795d9b5d254899b283be8666d133beafc69d3c87be3fea9e2993f052aa26e46b4a

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\_sfx.exe
          Filesize

          1.7MB

          MD5

          0238df215bf6943892daf85de8ad433a

          SHA1

          3d905e4e2c0e9170df61b7a199321847691f945e

          SHA256

          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

          SHA512

          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\_sfx.exe
          Filesize

          1.7MB

          MD5

          0238df215bf6943892daf85de8ad433a

          SHA1

          3d905e4e2c0e9170df61b7a199321847691f945e

          SHA256

          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

          SHA512

          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
          Filesize

          2.1MB

          MD5

          9df6e2fbb7e38964f35016bf91ef7424

          SHA1

          d0c1266dc46814bc6165cf6a69e90581228989a7

          SHA256

          3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

          SHA512

          b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
          Filesize

          2.1MB

          MD5

          9df6e2fbb7e38964f35016bf91ef7424

          SHA1

          d0c1266dc46814bc6165cf6a69e90581228989a7

          SHA256

          3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

          SHA512

          b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
          Filesize

          326KB

          MD5

          80d93d38badecdd2b134fe4699721223

          SHA1

          e829e58091bae93bc64e0c6f9f0bac999cfda23d

          SHA256

          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

          SHA512

          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
          Filesize

          326KB

          MD5

          80d93d38badecdd2b134fe4699721223

          SHA1

          e829e58091bae93bc64e0c6f9f0bac999cfda23d

          SHA256

          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

          SHA512

          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
          Filesize

          601B

          MD5

          0ea67e39f174c8ac08b5a15eb4b46fde

          SHA1

          07ab35b844ab05940382648dc1467f1ac8f967cd

          SHA256

          2ee4d852fd6ace8cc9f31fb85f6cd815dc3b3951b5be039d15b47193ac722b32

          SHA512

          bdfa77f71b47dc7b6d93b46f62bec5529d849c1024a610db75e9d508544eed5b7269aacbe3c842d7732fe6225fc9d4e1fd2312ae60cd5f528ba9fc3c5920d409

          Download Submit

        • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
          Filesize

          40B

          MD5

          151e7557b8fa2aa2a86a88ccd7e91adc

          SHA1

          531134d645ca3cc770fdfe8e0cbc9e1e3e8bbec7

          SHA256

          6b1540f0dc9b3d75f980a688addff6ee940b05f143cc270e4a5968950ba2b6ec

          SHA512

          903074e9a8fb657ce6a2a34fe109c3e1893d7e23e05c43f52f41a4648f22c4fe22e6ab4ac5858fb606a7b7ed2c0f6480ac70acbafc69f5346bfa90c0fd3fcc74

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\_sfx.exe
          Filesize

          1.7MB

          MD5

          0238df215bf6943892daf85de8ad433a

          SHA1

          3d905e4e2c0e9170df61b7a199321847691f945e

          SHA256

          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

          SHA512

          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\assistant\assistant_installer.exe
          Filesize

          2.1MB

          MD5

          9df6e2fbb7e38964f35016bf91ef7424

          SHA1

          d0c1266dc46814bc6165cf6a69e90581228989a7

          SHA256

          3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

          SHA512

          b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\opera_package
          Filesize

          86.7MB

          MD5

          31a143013d5b31bf0a19c39ebb26fd93

          SHA1

          8a9a106585b4de6587c2e5dca51c3e390764d0c4

          SHA256

          4a38cc4fb9f71279e966d17c64d3d8bf03d61922241d9bd69edf52baac7fad66

          SHA512

          c06ae3db4711eecc177c8eabf7c91c585224387f301c092558e1efad94dd1f42b80adb04e5b5c4280e9df512ab90e755afd16b9a6f6804834a492dea9b29a41d

          Download Submit

        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212272112381\opera_package
          Filesize

          86.7MB

          MD5

          31a143013d5b31bf0a19c39ebb26fd93

          SHA1

          8a9a106585b4de6587c2e5dca51c3e390764d0c4

          SHA256

          4a38cc4fb9f71279e966d17c64d3d8bf03d61922241d9bd69edf52baac7fad66

          SHA512

          c06ae3db4711eecc177c8eabf7c91c585224387f301c092558e1efad94dd1f42b80adb04e5b5c4280e9df512ab90e755afd16b9a6f6804834a492dea9b29a41d

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Opera_installer_2212272112344221276.dll
          Filesize

          4.3MB

          MD5

          09ce9fd443ba9fb4c7ac6cf5c2b1ae53

          SHA1

          029a9ab9c36da0756441d8346cbfece76e3820d5

          SHA256

          ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

          SHA512

          a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Opera_installer_2212272112356861512.dll
          Filesize

          4.3MB

          MD5

          09ce9fd443ba9fb4c7ac6cf5c2b1ae53

          SHA1

          029a9ab9c36da0756441d8346cbfece76e3820d5

          SHA256

          ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

          SHA512

          a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Opera_installer_2212272112379631416.dll
          Filesize

          4.3MB

          MD5

          09ce9fd443ba9fb4c7ac6cf5c2b1ae53

          SHA1

          029a9ab9c36da0756441d8346cbfece76e3820d5

          SHA256

          ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

          SHA512

          a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Opera_installer_2212272112389621000.dll
          Filesize

          4.3MB

          MD5

          09ce9fd443ba9fb4c7ac6cf5c2b1ae53

          SHA1

          029a9ab9c36da0756441d8346cbfece76e3820d5

          SHA256

          ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

          SHA512

          a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

          Download Submit

        • \Users\Admin\AppData\Local\Temp\Opera_installer_2212272112396331712.dll
          Filesize

          4.3MB

          MD5

          09ce9fd443ba9fb4c7ac6cf5c2b1ae53

          SHA1

          029a9ab9c36da0756441d8346cbfece76e3820d5

          SHA256

          ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

          SHA512

          a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
          Filesize

          1.8MB

          MD5

          f8996d2158a69a12b4bc99edd28100bc

          SHA1

          892887691df881fe432e09b618e90f50447340e6

          SHA256

          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

          SHA512

          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
          Filesize

          1.7MB

          MD5

          1bbf5dd0b6ca80e4c7c77495c3f33083

          SHA1

          e0520037e60eb641ec04d1e814394c9da0a6a862

          SHA256

          bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

          SHA512

          97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
          Filesize

          97KB

          MD5

          da1d0cd400e0b6ad6415fd4d90f69666

          SHA1

          de9083d2902906cacf57259cf581b1466400b799

          SHA256

          7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

          SHA512

          f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
          Filesize

          1.3MB

          MD5

          1313bb5df6c6e0d5c358735044fbebef

          SHA1

          cac3e2e3ed63dc147318e18f202a9da849830a91

          SHA256

          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

          SHA512

          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
          Filesize

          326KB

          MD5

          80d93d38badecdd2b134fe4699721223

          SHA1

          e829e58091bae93bc64e0c6f9f0bac999cfda23d

          SHA256

          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

          SHA512

          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          Filesize

          1.3MB

          MD5

          e7bbc7b426cee4b8027a00b11f06ef34

          SHA1

          926fad387ede328d3cfd9da80d0b303a865cca98

          SHA256

          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

          SHA512

          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

          Download Submit

        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
          Filesize

          326KB

          MD5

          80d93d38badecdd2b134fe4699721223

          SHA1

          e829e58091bae93bc64e0c6f9f0bac999cfda23d

          SHA256

          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

          SHA512

          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
          Filesize

          2.7MB

          MD5

          d86d0910eeb3ab049cba33fd317f2763

          SHA1

          d8977ba87c18bc5c6339a1c651c995ecf6677c64

          SHA256

          36ee186d069f14110dc29c038ac08be9910deb6b128787eaa990c9e37749d833

          SHA512

          8553c97f1ff31d0f6f2f7360f31a769cdbb78b349c65c681f8e6c273c300497fbcfc730ace72ec018538456ded7794bc4aa8300a51d7e77b6259809a22fafe07

          Download Submit

        • memory/472-183-0x0000000000000000-mapping.dmp

          Download

        • memory/608-179-0x0000000000000000-mapping.dmp

          Download

        • memory/608-165-0x0000000000000000-mapping.dmp

          Download

        • memory/808-181-0x0000000000000000-mapping.dmp

          Download

        • memory/836-189-0x0000000000000000-mapping.dmp

          Download

        • memory/896-66-0x0000000002E90000-0x0000000003278000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/896-65-0x0000000002E90000-0x0000000003278000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/896-73-0x0000000002E90000-0x0000000003278000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/896-74-0x0000000002E90000-0x0000000003278000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/896-54-0x0000000075B41000-0x0000000075B43000-memory.dmp

          Filesize

          8KB

          Download

        • memory/896-67-0x0000000002E90000-0x0000000003278000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/932-230-0x0000000002530000-0x0000000002540000-memory.dmp

          Filesize

          64KB

          Download

        • memory/932-192-0x0000000000000000-mapping.dmp

          Download

        • memory/980-176-0x0000000000000000-mapping.dmp

          Download

        • memory/1000-133-0x0000000000000000-mapping.dmp

          Download

        • memory/1000-149-0x00000000028D0000-0x0000000002DDC000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1000-195-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1000-155-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1000-136-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1052-424-0x0000000000000000-mapping.dmp

          Download

        • memory/1184-187-0x0000000000000000-mapping.dmp

          Download

        • memory/1188-429-0x0000000000000000-mapping.dmp

          Download

        • memory/1276-109-0x0000000000000000-mapping.dmp

          Download

        • memory/1276-123-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1276-205-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1276-124-0x0000000002870000-0x0000000002D7C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1276-138-0x0000000003430000-0x000000000393C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1276-157-0x0000000003430000-0x000000000393C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1276-156-0x0000000003770000-0x0000000003C7C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1292-329-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1292-324-0x0000000000000000-mapping.dmp

          Download

        • memory/1380-428-0x0000000000000000-mapping.dmp

          Download

        • memory/1416-131-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1416-126-0x0000000000000000-mapping.dmp

          Download

        • memory/1468-170-0x0000000000000000-mapping.dmp

          Download

        • memory/1468-171-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/1484-90-0x0000000000000000-mapping.dmp

          Download

        • memory/1484-121-0x00000000057E0000-0x0000000005CEC000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1484-116-0x0000000002600000-0x0000000002610000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1484-117-0x00000000057E0000-0x0000000005CEC000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1484-120-0x00000000057E0000-0x0000000005CEC000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1484-103-0x0000000000C20000-0x0000000001008000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1484-129-0x0000000000C20000-0x0000000001008000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1488-72-0x0000000000460000-0x0000000000463000-memory.dmp

          Filesize

          12KB

          Download

        • memory/1488-75-0x0000000001360000-0x0000000001748000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1488-493-0x0000000010000000-0x0000000010051000-memory.dmp

          Filesize

          324KB

          Download

        • memory/1488-84-0x0000000003240000-0x0000000003250000-memory.dmp

          Filesize

          64KB

          Download

        • memory/1488-59-0x0000000000000000-mapping.dmp

          Download

        • memory/1488-68-0x0000000001360000-0x0000000001748000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1488-71-0x0000000010000000-0x0000000010051000-memory.dmp

          Filesize

          324KB

          Download

        • memory/1512-137-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1512-210-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1512-115-0x0000000000000000-mapping.dmp

          Download

        • memory/1536-81-0x0000000000000000-mapping.dmp

          Download

        • memory/1536-102-0x0000000002B40000-0x0000000002F28000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1536-101-0x0000000002B40000-0x0000000002F28000-memory.dmp

          Filesize

          3.9MB

          Download

        • memory/1572-188-0x0000000000000000-mapping.dmp

          Download

        • memory/1576-186-0x0000000000000000-mapping.dmp

          Download

        • memory/1580-190-0x0000000000000000-mapping.dmp

          Download

        • memory/1580-159-0x0000000000000000-mapping.dmp

          Download

        • memory/1600-168-0x0000000000000000-mapping.dmp

          Download

        • memory/1632-172-0x0000000000000000-mapping.dmp

          Download

        • memory/1712-150-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1712-141-0x0000000000000000-mapping.dmp

          Download

        • memory/1712-200-0x0000000000400000-0x000000000090C000-memory.dmp

          Filesize

          5.0MB

          Download

        • memory/1924-174-0x0000000000000000-mapping.dmp

          Download

        • memory/1932-184-0x0000000000000000-mapping.dmp

          Download

        • memory/2044-426-0x0000000000000000-mapping.dmp

          Download

        • memory/2056-193-0x0000000000000000-mapping.dmp

          Download

        • memory/2272-491-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2272-456-0x0000000000000000-mapping.dmp

          Download

        • memory/2324-228-0x0000000000000000-mapping.dmp

          Download

        • memory/2380-368-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2380-355-0x0000000000000000-mapping.dmp

          Download

        • memory/2476-386-0x0000000000000000-mapping.dmp

          Download

        • memory/2476-422-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2508-229-0x0000000000000000-mapping.dmp

          Download

        • memory/2644-486-0x0000000000000000-mapping.dmp

          Download

        • memory/2648-416-0x0000000000000000-mapping.dmp

          Download

        • memory/2648-423-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download

        • memory/2668-231-0x0000000000000000-mapping.dmp

          Download

        • memory/2832-262-0x0000000000000000-mapping.dmp

          Download

        • memory/2992-263-0x0000000000000000-mapping.dmp

          Download

        • memory/3004-293-0x0000000000000000-mapping.dmp

          Download

        • memory/3004-295-0x000007FEFBF71000-0x000007FEFBF73000-memory.dmp

          Filesize

          8KB

          Download