Overview

overview

8

Static

static

TLauncher-....1.exe

windows7-x64

8

TLauncher-....1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    110s
  • max time network
    144s
  • platform
    windows7_x64
  • resource
    win7-20221111-es
  • resource tags

    arch:x64arch:x86image:win7-20221111-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    09-01-2023 11:01

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.86-Installer-1.0.1.exe

  • Size

    21.7MB

  • MD5

    f643be370cc9763a17f7746b1b6a0243

  • SHA1

    c65391f59a6e1421d783eaf43eb9661cfd476f82

  • SHA256

    5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

  • SHA512

    5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f

  • SSDEEP

    393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Blocklisted process makes network request 4 IoCs
  • Downloads MZ/PE file
  • Executes dropped EXE 26 IoCs
  • UPX packed file 43 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 27 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 5 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 4 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 14 IoCs
    evasionspywaretrojan
  • Suspicious use of AdjustPrivilegeToken 42 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:964
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-1214520366-621468234-4062160515-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:908
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2004
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-1214520366-621468234-4062160515-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:948
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1964
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x70f38658,0x70f38668,0x70f38674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1156
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1472
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1964 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230109120559" --session-guid=454a1018-7c7e-45e0-a9fd-2385487dd47d --server-tracking-blob=YzVjNzlhNThiNTJjOTI5NDcwN2VlMzgyYzc5OGNiNDk3YTQzYjFiNjVmNzdkNjljZWIyNWU2ZmM3ZDBiZmQ3OTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzMyNjIzNTUuMzM4MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiNTA1ZWY2YzYtYTkyZS00Mzg2LWI0ZGUtMjY4ZjEwZmIzNDU4In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=3C03000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1048
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70518658,0x70518668,0x70518674
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1612
              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\installer.exe" --backend --initial-pid=1964 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591" --session-guid=454a1018-7c7e-45e0-a9fd-2385487dd47d --server-tracking-blob=YzVjNzlhNThiNTJjOTI5NDcwN2VlMzgyYzc5OGNiNDk3YTQzYjFiNjVmNzdkNjljZWIyNWU2ZmM3ZDBiZmQ3OTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzMyNjIzNTUuMzM4MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiNTA1ZWY2YzYtYTkyZS00Mzg2LWI0ZGUtMjY4ZjEwZmIzNDU4In0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.54
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:1460
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef6212c98,0x7fef6212ca8,0x7fef6212cb8
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1484
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:480
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2116
                    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeeff9490,0x7feeeff94a0,0x7feeeff94b0
                      10⤵
                      • Executes dropped EXE
                      PID:2152
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1188,i,8057244387408264026,10277030315813586101,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      PID:2304
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1460 --field-trial-handle=1188,i,8057244387408264026,10277030315813586101,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      PID:2452
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:1888
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1268
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x11a2dc0,0x11a2dd0,0x11a2ddc
                7⤵
                • Executes dropped EXE
                PID:1456
      • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
        "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
        3⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1960
  • C:\Windows\system32\msiexec.exe
    C:\Windows\system32\msiexec.exe /V
    1⤵
    • Blocklisted process makes network request
    • Enumerates connected drives
    • Drops file in Windows directory
    • Checks processor information in registry
    • Suspicious use of AdjustPrivilegeToken
    PID:1456
    • C:\Program Files\Java\jre1.8.0_51\installer.exe
      "C:\Program Files\Java\jre1.8.0_51\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_51\\" STATIC=1 REPAIRMODE=0
      2⤵
        PID:808
        • C:\ProgramData\Oracle\Java\installcache_x64\bspatch.exe
          "bspatch.exe" baseimagefam8 newimage diff
          3⤵
            PID:1664
          • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
            "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\deploy.pack" "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar"
            3⤵
              PID:2316
            • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
              "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\javaws.pack" "C:\Program Files\Java\jre1.8.0_51\lib\javaws.jar"
              3⤵
                PID:3084
              • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\plugin.pack" "C:\Program Files\Java\jre1.8.0_51\lib\plugin.jar"
                3⤵
                  PID:3112
                • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                  "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\rt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\rt.jar"
                  3⤵
                    PID:3136
                  • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                    "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\charsets.pack" "C:\Program Files\Java\jre1.8.0_51\lib\charsets.jar"
                    3⤵
                      PID:3164
                    • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                      "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\jsse.pack" "C:\Program Files\Java\jre1.8.0_51\lib\jsse.jar"
                      3⤵
                        PID:3188
                      • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                        "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\localedata.jar"
                        3⤵
                          PID:3216
                        • C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe
                          "C:\Program Files\Java\jre1.8.0_51\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.pack" "C:\Program Files\Java\jre1.8.0_51\lib\ext\jfxrt.jar"
                          3⤵
                            PID:3240
                          • C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
                            "C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -Xshare:dump
                            3⤵
                              PID:3272
                            • C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe
                              "C:\Program Files\Java\jre1.8.0_51\bin\javaws.exe" -wait -fix -permissions -silent
                              3⤵
                                PID:3356
                                • C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe
                                  "C:\Program Files\Java\jre1.8.0_51\bin\javaw.exe" -classpath "C:\Program Files\Java\jre1.8.0_51\lib\deploy.jar" com.sun.deploy.panel.JreLocator
                                  4⤵
                                    PID:3368
                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
                              1⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Adds Run key to start application
                              • Enumerates system info in registry
                              PID:2612
                              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_crashreporter.exe
                                C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeeff9490,0x7feeeff94a0,0x7feeeff94b0
                                2⤵
                                • Executes dropped EXE
                                PID:2644
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1076 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:2
                                2⤵
                                • Executes dropped EXE
                                PID:2796
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1472 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:2932
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1572 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:2972
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2060 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:2208
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2080 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                2⤵
                                  PID:1972
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2068 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                  2⤵
                                  • Executes dropped EXE
                                  PID:1516
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2092 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                  2⤵
                                    PID:2720
                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2104 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                    2⤵
                                      PID:2848
                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=2188 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                      2⤵
                                        PID:2408
                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2172 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                        2⤵
                                          PID:2072
                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2524 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                          2⤵
                                            PID:624
                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2540 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                            2⤵
                                              PID:2576
                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2556 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                              2⤵
                                                PID:2880
                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=2572 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                2⤵
                                                  PID:2088
                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=2604 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                  2⤵
                                                    PID:2008
                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2696 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                    2⤵
                                                      PID:2564
                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2744 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:8
                                                      2⤵
                                                        PID:2916
                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_autoupdate.exe
                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
                                                        2⤵
                                                          PID:2848
                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_autoupdate.exe
                                                            C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.54\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.54 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13f76ab38,0x13f76ab48,0x13f76ab58
                                                            3⤵
                                                              PID:2012
                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2772 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                            2⤵
                                                              PID:872
                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=2872 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                              2⤵
                                                                PID:2052
                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=2864 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                                2⤵
                                                                  PID:2232
                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=2900 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                                  2⤵
                                                                    PID:2512
                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=2908 --field-trial-handle=1192,i,14936284300535468635,11259232416704819457,131072 /prefetch:1
                                                                    2⤵
                                                                      PID:2608
                                                                  • C:\Windows\system32\taskeng.exe
                                                                    taskeng.exe {125071C4-BC58-43D2-BCBC-8D8AE55468E7} S-1-5-21-1214520366-621468234-4062160515-1000:VDWSWJJD\Admin:Interactive:[1]
                                                                    1⤵
                                                                      PID:3028
                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                                                                        C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.54 --newautoupdaterlogic
                                                                        2⤵
                                                                          PID:2620
                                                                          • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                                                            "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                                                            3⤵
                                                                              PID:2468

                                                                        Network

                                                                        MITRE ATT&CK Enterprise v6

                                                                        Replay Monitor

                                                                        Loading Replay Monitor...

                                                                        Downloads

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                                                                          Filesize

                                                                          61KB

                                                                          MD5

                                                                          fc4666cbca561e864e7fdf883a9e6661

                                                                          SHA1

                                                                          2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

                                                                          SHA256

                                                                          10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

                                                                          SHA512

                                                                          c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
                                                                          Filesize

                                                                          471B

                                                                          MD5

                                                                          e0c679f33e2f14a5c2b948b9b7e2b1ed

                                                                          SHA1

                                                                          16ae688c318112a8a4022d1b0fc869aac25ce849

                                                                          SHA256

                                                                          2b6d8c67f744a29fc439c1d5785779d83a3c153d553c002af0b1e817b656332b

                                                                          SHA512

                                                                          331082fc0a2a8c2c5af5ff785d4d6a0d4c92e3a914a53ee0b2a6f40dc228b5ba27401fe6c06b0e8cc6e632da67683f95ef7871d0ddda9d581afe677fe9857948

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                          Filesize

                                                                          342B

                                                                          MD5

                                                                          ad1aa61e47fdac0343fbc69b613ae2ea

                                                                          SHA1

                                                                          0b036cc4902567a40fcf87b1e270047aae733246

                                                                          SHA256

                                                                          df335c1401cb15cc6df02111b6f748278cdd228c8f2d32a0ed20a1ade4f0ab01

                                                                          SHA512

                                                                          2ec8b20cb700546d86fbf7b2b46b60412ad568026644bae32fec7cef9737f6a25bb6007811608e360753fae3b465617808116d8512f556595fc6e156c31477e7

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                          Filesize

                                                                          342B

                                                                          MD5

                                                                          2e24eeab65cede12f249c55e568b2f21

                                                                          SHA1

                                                                          e398c80de79e2df0af1438b4c6108d56b10e94e5

                                                                          SHA256

                                                                          1c0b0ba9274780ace166be3e3db0f8094588a261fdd2d5dda48c395c04fe4eb7

                                                                          SHA512

                                                                          e4f1066acbb71dcd8f12e551f5a2f79c63c7d9a6fa1149ca1351c3a9815c2ee5da0fb0fe23bb44d8ed08838853fedce22b0b4ac932c28153c6336481dbed1dec

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                          Filesize

                                                                          342B

                                                                          MD5

                                                                          070b890c93b84872bf17b6224ec68fda

                                                                          SHA1

                                                                          378b521ba7d530f067008c486e087beef32665bc

                                                                          SHA256

                                                                          ae8e01a05bbd0291ab0455ab0486e476818b9eec42e12bf5d1c07de5fc309e64

                                                                          SHA512

                                                                          924244f7e55403d484539c3adb696765d19b3c14197b500e0136045769767e2a359b6d5a915aecc7d37196e4d9308ebc75c9a91fcb7a3e05000388285bbe01af

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                                                                          Filesize

                                                                          342B

                                                                          MD5

                                                                          cb3fd66e3271e9674f6523bd509ed4b4

                                                                          SHA1

                                                                          e635af2d626875096148c05118ad77b567733273

                                                                          SHA256

                                                                          a9dd876e461d4c996f5bfc092fbd51d38dad76f1e6cf8b3997ff4477ebcb01c5

                                                                          SHA512

                                                                          e013178670b2af56547ac0a46ffeb16546c1481ad8ea1ef84a4c0c16bd9eff231a5d0a8490624aad2c028b062f443208fc6ad100807deb777315d80dcb3a1bd3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
                                                                          Filesize

                                                                          434B

                                                                          MD5

                                                                          0d516460dc38624c970115940277e8ee

                                                                          SHA1

                                                                          af23f49d3d8257aeca939f79f34a562381a2acb8

                                                                          SHA256

                                                                          6bbf57398dee9791d4b83d00a28deede15280092f814c995cf6d08aeb5d3dd8d

                                                                          SHA512

                                                                          2570c49cfed3e18ca1b7c996c4744acb99d28b7452423c2ab31f7589e49fde020a34f141d44f1168a883458f4fd833eed3c694df3af9f829063805a0dffc5ddf

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\_sfx.exe
                                                                          Filesize

                                                                          1.7MB

                                                                          MD5

                                                                          0238df215bf6943892daf85de8ad433a

                                                                          SHA1

                                                                          3d905e4e2c0e9170df61b7a199321847691f945e

                                                                          SHA256

                                                                          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

                                                                          SHA512

                                                                          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\_sfx.exe
                                                                          Filesize

                                                                          1.7MB

                                                                          MD5

                                                                          0238df215bf6943892daf85de8ad433a

                                                                          SHA1

                                                                          3d905e4e2c0e9170df61b7a199321847691f945e

                                                                          SHA256

                                                                          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

                                                                          SHA512

                                                                          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
                                                                          Filesize

                                                                          326KB

                                                                          MD5

                                                                          80d93d38badecdd2b134fe4699721223

                                                                          SHA1

                                                                          e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                          SHA256

                                                                          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                          SHA512

                                                                          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
                                                                          Filesize

                                                                          326KB

                                                                          MD5

                                                                          80d93d38badecdd2b134fe4699721223

                                                                          SHA1

                                                                          e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                          SHA256

                                                                          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                          SHA512

                                                                          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
                                                                          Filesize

                                                                          41.2MB

                                                                          MD5

                                                                          b9919195f61824f980f4a088d7447a11

                                                                          SHA1

                                                                          447fd1f59219282ec5d2f7a179ac12cc072171c3

                                                                          SHA256

                                                                          3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

                                                                          SHA512

                                                                          d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
                                                                          Filesize

                                                                          601B

                                                                          MD5

                                                                          6ed2a8160dbf3f7a225634115e16a82d

                                                                          SHA1

                                                                          497329522526f744612157321b96a3849f01f03a

                                                                          SHA256

                                                                          3c5d0f8b3389efbf6cf503400c5f312ab537e00dddf1421b08e0e6d3953927a9

                                                                          SHA512

                                                                          e44d6713d9761095e3657e21ff0127dbd174e2704d98d7431bff1baac0c4467155234861de6711094fabe441d85a80c633a43db17e1d6fed922de99989727d33

                                                                          Download Submit

                                                                        • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                          Filesize

                                                                          40B

                                                                          MD5

                                                                          acbeb73bf4563219967a6f745207014f

                                                                          SHA1

                                                                          ac366a94838f445efc346ed76f53582dc09a5bd5

                                                                          SHA256

                                                                          287bcfbc9cbc2bdbe2d357121a0348c73106d50f4234b2d1ea927546cb93ebc1

                                                                          SHA512

                                                                          e781111ba9daffbed5d832a975af3f636284d037c8251218e767bad0cd034d33cf295596b1508b095593fc3fb9ce015bb268f845ec0db79e3391353a38a2701f

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\assistant\_sfx.exe
                                                                          Filesize

                                                                          1.7MB

                                                                          MD5

                                                                          0238df215bf6943892daf85de8ad433a

                                                                          SHA1

                                                                          3d905e4e2c0e9170df61b7a199321847691f945e

                                                                          SHA256

                                                                          a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

                                                                          SHA512

                                                                          fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\opera_package
                                                                          Filesize

                                                                          86.7MB

                                                                          MD5

                                                                          9d67cc3d70baf3702cc379c2df51f5db

                                                                          SHA1

                                                                          257bc84d1ce4e4505e25d7fb3b29255b69c59878

                                                                          SHA256

                                                                          adcc61fddb491c75edb7a836f70b6261a8c975a569f3f3a7a8468c4315e2c89b

                                                                          SHA512

                                                                          04c85ce7d564b3efe1a46d80c8d4f7fc0fe25877ac56e4a1c9b20d892f5e0e0ff3b986ea6fd5470d010abc3f0b676093dd9fbc6e7e11d45e0b9e547dd22682f9

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301091205591\opera_package
                                                                          Filesize

                                                                          86.7MB

                                                                          MD5

                                                                          9d67cc3d70baf3702cc379c2df51f5db

                                                                          SHA1

                                                                          257bc84d1ce4e4505e25d7fb3b29255b69c59878

                                                                          SHA256

                                                                          adcc61fddb491c75edb7a836f70b6261a8c975a569f3f3a7a8468c4315e2c89b

                                                                          SHA512

                                                                          04c85ce7d564b3efe1a46d80c8d4f7fc0fe25877ac56e4a1c9b20d892f5e0e0ff3b986ea6fd5470d010abc3f0b676093dd9fbc6e7e11d45e0b9e547dd22682f9

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\Opera_installer_2301091205562531964.dll
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          abd49f95860291b4bea7ed2a17516f3d

                                                                          SHA1

                                                                          728f48e85427acf242f65da8dee22588c373e9aa

                                                                          SHA256

                                                                          1da2b7d6cea59b309a892d4ddb64a1f4d8fefd9b9d65da0b3aa0d42e4cedb8bf

                                                                          SHA512

                                                                          64c32133cee5f62a59cfbfad4742c1479ec2ab53188e09c97a18a062795e62cba3132f1b01b5748b91a4e6f010be933229eb7dc640ecbc7f7c8fda8a3efe7e94

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\Opera_installer_2301091205568461156.dll
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          abd49f95860291b4bea7ed2a17516f3d

                                                                          SHA1

                                                                          728f48e85427acf242f65da8dee22588c373e9aa

                                                                          SHA256

                                                                          1da2b7d6cea59b309a892d4ddb64a1f4d8fefd9b9d65da0b3aa0d42e4cedb8bf

                                                                          SHA512

                                                                          64c32133cee5f62a59cfbfad4742c1479ec2ab53188e09c97a18a062795e62cba3132f1b01b5748b91a4e6f010be933229eb7dc640ecbc7f7c8fda8a3efe7e94

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\Opera_installer_2301091205588431472.dll
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          abd49f95860291b4bea7ed2a17516f3d

                                                                          SHA1

                                                                          728f48e85427acf242f65da8dee22588c373e9aa

                                                                          SHA256

                                                                          1da2b7d6cea59b309a892d4ddb64a1f4d8fefd9b9d65da0b3aa0d42e4cedb8bf

                                                                          SHA512

                                                                          64c32133cee5f62a59cfbfad4742c1479ec2ab53188e09c97a18a062795e62cba3132f1b01b5748b91a4e6f010be933229eb7dc640ecbc7f7c8fda8a3efe7e94

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\Opera_installer_2301091206001531048.dll
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          abd49f95860291b4bea7ed2a17516f3d

                                                                          SHA1

                                                                          728f48e85427acf242f65da8dee22588c373e9aa

                                                                          SHA256

                                                                          1da2b7d6cea59b309a892d4ddb64a1f4d8fefd9b9d65da0b3aa0d42e4cedb8bf

                                                                          SHA512

                                                                          64c32133cee5f62a59cfbfad4742c1479ec2ab53188e09c97a18a062795e62cba3132f1b01b5748b91a4e6f010be933229eb7dc640ecbc7f7c8fda8a3efe7e94

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\Opera_installer_2301091206015881612.dll
                                                                          Filesize

                                                                          4.3MB

                                                                          MD5

                                                                          abd49f95860291b4bea7ed2a17516f3d

                                                                          SHA1

                                                                          728f48e85427acf242f65da8dee22588c373e9aa

                                                                          SHA256

                                                                          1da2b7d6cea59b309a892d4ddb64a1f4d8fefd9b9d65da0b3aa0d42e4cedb8bf

                                                                          SHA512

                                                                          64c32133cee5f62a59cfbfad4742c1479ec2ab53188e09c97a18a062795e62cba3132f1b01b5748b91a4e6f010be933229eb7dc640ecbc7f7c8fda8a3efe7e94

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                          Filesize

                                                                          1.8MB

                                                                          MD5

                                                                          f8996d2158a69a12b4bc99edd28100bc

                                                                          SHA1

                                                                          892887691df881fe432e09b618e90f50447340e6

                                                                          SHA256

                                                                          866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                          SHA512

                                                                          d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
                                                                          Filesize

                                                                          1.7MB

                                                                          MD5

                                                                          1bbf5dd0b6ca80e4c7c77495c3f33083

                                                                          SHA1

                                                                          e0520037e60eb641ec04d1e814394c9da0a6a862

                                                                          SHA256

                                                                          bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

                                                                          SHA512

                                                                          97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
                                                                          Filesize

                                                                          97KB

                                                                          MD5

                                                                          da1d0cd400e0b6ad6415fd4d90f69666

                                                                          SHA1

                                                                          de9083d2902906cacf57259cf581b1466400b799

                                                                          SHA256

                                                                          7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                                                                          SHA512

                                                                          f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          1313bb5df6c6e0d5c358735044fbebef

                                                                          SHA1

                                                                          cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                          SHA256

                                                                          7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                          SHA512

                                                                          596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
                                                                          Filesize

                                                                          326KB

                                                                          MD5

                                                                          80d93d38badecdd2b134fe4699721223

                                                                          SHA1

                                                                          e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                          SHA256

                                                                          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                          SHA512

                                                                          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                          Filesize

                                                                          1.3MB

                                                                          MD5

                                                                          e7bbc7b426cee4b8027a00b11f06ef34

                                                                          SHA1

                                                                          926fad387ede328d3cfd9da80d0b303a865cca98

                                                                          SHA256

                                                                          e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                          SHA512

                                                                          f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
                                                                          Filesize

                                                                          326KB

                                                                          MD5

                                                                          80d93d38badecdd2b134fe4699721223

                                                                          SHA1

                                                                          e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                          SHA256

                                                                          c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                          SHA512

                                                                          9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\jre-windows.exe
                                                                          Filesize

                                                                          41.2MB

                                                                          MD5

                                                                          b9919195f61824f980f4a088d7447a11

                                                                          SHA1

                                                                          447fd1f59219282ec5d2f7a179ac12cc072171c3

                                                                          SHA256

                                                                          3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

                                                                          SHA512

                                                                          d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\jre-windows.exe
                                                                          Filesize

                                                                          41.2MB

                                                                          MD5

                                                                          b9919195f61824f980f4a088d7447a11

                                                                          SHA1

                                                                          447fd1f59219282ec5d2f7a179ac12cc072171c3

                                                                          SHA256

                                                                          3895872bc4cdfb7693c227a435cf6740f968e4fa6ce0f7449e6a074e3e3a0f01

                                                                          SHA512

                                                                          d9f4e268531bd48f6b6aa4325024921bca30ebfff3ae6af5c069146a3fc401c411bdeceb306ba01fbf3bcdc48e39a367e78a1f355dc3dd5f1df75a0d585a10c6

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                          Filesize

                                                                          2.7MB

                                                                          MD5

                                                                          a8f36f55fb07af57716e6385ed070d80

                                                                          SHA1

                                                                          edd3cde350f509d61e641ed8fe4daea3473cbce4

                                                                          SHA256

                                                                          8ef3bf9b4262615847f1b71d0d0e41893e2fc3f1a83a128445f19733b2618969

                                                                          SHA512

                                                                          7d76f6ca875895222c8c1b1e305143e4275a843e65d796e4939d9b3be6d198a0b018d875b09632f8f88f3ccfd538f7f0c0414b583e001145bcd95d3f0ba0d9d3

                                                                          Download Submit

                                                                        • memory/480-176-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/624-532-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/624-527-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/808-601-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/872-755-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/872-779-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/908-59-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/908-67-0x0000000000350000-0x0000000000738000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/908-71-0x0000000000890000-0x00000000008BC000-memory.dmp

                                                                          Filesize

                                                                          176KB

                                                                          Download

                                                                        • memory/908-70-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                          Filesize

                                                                          324KB

                                                                          Download

                                                                        • memory/908-73-0x0000000000350000-0x0000000000738000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/908-150-0x0000000002D90000-0x0000000002DA0000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/908-82-0x0000000002D90000-0x0000000002DA0000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/948-113-0x00000000058F0000-0x0000000005DFC000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/948-106-0x0000000000E60000-0x0000000000E70000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/948-121-0x0000000000290000-0x0000000000678000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/948-109-0x00000000058F0000-0x0000000005DFC000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/948-108-0x00000000058F0000-0x0000000005DFC000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/948-88-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/948-98-0x0000000000290000-0x0000000000678000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/948-112-0x00000000058F0000-0x0000000005DFC000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/964-54-0x0000000075FB1000-0x0000000075FB3000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/964-65-0x0000000002D80000-0x0000000003168000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/964-66-0x0000000002D80000-0x0000000003168000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/964-72-0x0000000002D80000-0x0000000003168000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/1048-145-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1048-132-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1048-212-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1156-216-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1156-128-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1156-117-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1268-167-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1456-169-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1460-171-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1472-123-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1472-130-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1484-173-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1516-340-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1612-213-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1612-141-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1612-146-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1664-674-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1664-721-0x0000000000400000-0x0000000000417000-memory.dmp

                                                                          Filesize

                                                                          92KB

                                                                          Download

                                                                        • memory/1664-723-0x0000000000230000-0x0000000000247000-memory.dmp

                                                                          Filesize

                                                                          92KB

                                                                          Download

                                                                        • memory/1664-762-0x0000000000400000-0x0000000000417000-memory.dmp

                                                                          Filesize

                                                                          92KB

                                                                          Download

                                                                        • memory/1664-725-0x0000000000230000-0x0000000000247000-memory.dmp

                                                                          Filesize

                                                                          92KB

                                                                          Download

                                                                        • memory/1888-161-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1960-159-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/1960-157-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1964-144-0x0000000003850000-0x0000000003D5C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-215-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-127-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-124-0x0000000003410000-0x000000000391C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-152-0x0000000003410000-0x000000000391C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-155-0x0000000003850000-0x0000000003D5C000-memory.dmp

                                                                          Filesize

                                                                          5.0MB

                                                                          Download

                                                                        • memory/1964-107-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/1972-372-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2004-97-0x0000000002BC0000-0x0000000002FA8000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/2004-95-0x0000000002930000-0x0000000002D18000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/2004-96-0x0000000002BC0000-0x0000000002FA8000-memory.dmp

                                                                          Filesize

                                                                          3.9MB

                                                                          Download

                                                                        • memory/2004-79-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2008-675-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2008-651-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2012-712-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2052-851-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2052-788-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2072-464-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2072-469-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2088-621-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2088-676-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2116-214-0x0000000003550000-0x0000000003560000-memory.dmp

                                                                          Filesize

                                                                          64KB

                                                                          Download

                                                                        • memory/2116-178-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2152-179-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2208-310-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2208-352-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2232-818-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2232-852-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2304-210-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2316-854-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2408-522-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2408-496-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2452-211-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2468-758-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2512-848-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2564-684-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2564-691-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2576-590-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2576-558-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2620-741-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2644-217-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2720-403-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2720-406-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2796-248-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2848-707-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2848-434-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2848-468-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2880-588-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2916-728-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/2916-720-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2932-249-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2972-279-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/2972-282-0x000007FEFBA01000-0x000007FEFBA03000-memory.dmp

                                                                          Filesize

                                                                          8KB

                                                                          Download

                                                                        • memory/3084-855-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3112-856-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3136-857-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3164-858-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3188-859-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3216-860-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3240-861-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3272-862-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3356-867-0x0000000000000000-mapping.dmp

                                                                          Download

                                                                        • memory/3368-868-0x0000000000000000-mapping.dmp

                                                                          Download