Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

TLauncher-...al.exe

windows7-x64

8

TLauncher-...al.exe

windows10-2004-x64

8

Resubmissions

01/02/2023, 00:47

230201-a5n2xsbb55 8

01/02/2023, 00:43

230201-a29jfsda7t 8

Analysis

  • max time kernel
    334s
  • max time network
    336s
  • platform
    windows7_x64
  • resource
    win7-20220812-es
  • resource tags

    arch:x64arch:x86image:win7-20220812-eslocale:es-esos:windows7-x64systemwindows
  • submitted
    01/02/2023, 00:47

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.871-Installer-1.0.6-global.exe

  • Size

    23.6MB

  • MD5

    7a4472a78d0651e11d20aa08e43cc045

  • SHA1

    aab1d5f80d7399ae2c1982201733be7681d100b1

  • SHA256

    318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

  • SHA512

    c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681

  • SSDEEP

    393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 56 IoCs
  • UPX packed file 41 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 8 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1036
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1012
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1968
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1564
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1724
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x71b78658,0x71b78668,0x71b78674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1232
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:752
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1724 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230201014950" --session-guid=db2a0148-a8ee-46f7-8376-1afaa89d77e6 --server-tracking-blob=NzEyNjhlMDY1MmQyZTBiYmJhZDZjZGI2ZTUzOTQzM2E5YWM4ZjYwNmNmZGE5YWQ4MWRiODAwOTljYjg2MzM4OTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyMTI1ODcuODIzMyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZjAxMDEyNjctYmU4Zi00OTEwLWI1NGItMGM5ZDZmZDY4NTVhIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1003000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1344
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x71158658,0x71158668,0x71158674
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:968
              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe" --backend --initial-pid=1724 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501" --session-guid=db2a0148-a8ee-46f7-8376-1afaa89d77e6 --server-tracking-blob=NzEyNjhlMDY1MmQyZTBiYmJhZDZjZGI2ZTUzOTQzM2E5YWM4ZjYwNmNmZGE5YWQ4MWRiODAwOTljYjg2MzM4OTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyMTI1ODcuODIzMyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZjAxMDEyNjctYmU4Zi00OTEwLWI1NGItMGM5ZDZmZDY4NTVhIn0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.76
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:832
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef6c92c98,0x7fef6c92ca8,0x7fef6c92cb8
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1568
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1608
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1496
                    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeee6c490,0x7feeee6c4a0,0x7feeee6c4b0
                      10⤵
                      • Executes dropped EXE
                      PID:712
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1100 --field-trial-handle=1180,i,3611841357927119591,12512346354349273376,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2132
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1380 --field-trial-handle=1180,i,3611841357927119591,12512346354349273376,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2316
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:1384
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1616
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x2f2dc0,0x2f2dd0,0x2f2ddc
                7⤵
                • Executes dropped EXE
                PID:1984
      • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
        "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
        3⤵
        • Executes dropped EXE
        PID:1600
        • C:\Users\Admin\AppData\Local\Temp\jds7213782.tmp\jre-windows.exe
          "C:\Users\Admin\AppData\Local\Temp\jds7213782.tmp\jre-windows.exe" "STATIC=1"
          4⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2408
  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Adds Run key to start application
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2520
    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeee6c490,0x7feeee6c4a0,0x7feeee6c4b0
      2⤵
      • Executes dropped EXE
      PID:2564
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:2716
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1352 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2852
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1608 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2880
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2008 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:580
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2024 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2192
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2052 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2244
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2056 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2340
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2088 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2832
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2112 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2072
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=2128 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2092
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2944 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2324
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2984 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2756
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3148 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2116
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3188 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2128
    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
      2⤵
      • Executes dropped EXE
      PID:388
      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14014ab38,0x14014ab48,0x14014ab58
        3⤵
        • Executes dropped EXE
        PID:3048
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=1444 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2844
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=2708 --field-trial-handle=1252,i,397312648610630769,13210102843572001436,131072 /prefetch:1
      2⤵
        PID:904
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {0324ED34-96C2-4C84-9FFA-4350A262CAEA} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
      1⤵
        PID:2172
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.76 --newautoupdaterlogic
          2⤵
          • Executes dropped EXE
          PID:2540
          • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
            3⤵
            • Executes dropped EXE
            PID:2208
          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
            3⤵
            • Executes dropped EXE
            PID:1676
            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
              4⤵
              • Executes dropped EXE
              PID:2636
      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14043ab38,0x14043ab48,0x14043ab58
        1⤵
        • Executes dropped EXE
        PID:1632
      • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
        "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
        1⤵
        • Executes dropped EXE
        PID:1504
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" -noautoupdate -- "http://java-for-minecraft.com/"
          2⤵
          • Executes dropped EXE
          PID:2124
          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" -noautoupdate --ran-launcher -- http://java-for-minecraft.com/
            3⤵
            • Executes dropped EXE
            • Enumerates system info in registry
            PID:2244
            • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
              C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeee6c490,0x7feeee6c4a0,0x7feeee6c4b0
              4⤵
              • Executes dropped EXE
              PID:1968
            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1096 --field-trial-handle=1180,i,1239501006771203290,13571391587145717632,131072 /prefetch:2
              4⤵
              • Executes dropped EXE
              PID:268
            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1304 --field-trial-handle=1180,i,1239501006771203290,13571391587145717632,131072 /prefetch:8
              4⤵
              • Executes dropped EXE
              PID:1724
      • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
        "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
        1⤵
        • Executes dropped EXE
        PID:2680
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" -noautoupdate -- "http://java-for-minecraft.com/"
          2⤵
          • Executes dropped EXE
          PID:2208
          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" -noautoupdate --ran-launcher -- http://java-for-minecraft.com/
            3⤵
            • Executes dropped EXE
            • Enumerates system info in registry
            PID:1664
            • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
              C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeee6c490,0x7feeee6c4a0,0x7feeee6c4b0
              4⤵
              • Executes dropped EXE
              PID:2644
            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1080 --field-trial-handle=1212,i,2181097416965570964,2859679111371293456,131072 /prefetch:2
              4⤵
              • Executes dropped EXE
              PID:1996
            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1184 --field-trial-handle=1212,i,2181097416965570964,2859679111371293456,131072 /prefetch:8
              4⤵
              • Executes dropped EXE
              PID:2200

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        471B

        MD5

        9cbb254ca8da5a4099c66d7dce2d69de

        SHA1

        3f328e1410c5c4ea2fa2b387dbef7c6479ea258c

        SHA256

        f6cad04bfeb909acd5c89c6137fd33b267fa2e021553b3515c82e9d7cfb3fc58

        SHA512

        93fe3387c563d18ea2f9cb96f1d868d1d5a26c0490126242279a6f39a2df53311fc9806ee14b4b0301195a17dd75abc318695aa0a328330820e8fc20b6fed4a4

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        340B

        MD5

        11491fab004f3c699bbb0101f9420146

        SHA1

        b083d9ef17b68a39e84296b006ec62e4a1c61f41

        SHA256

        4cd235446916683ef4931c821a1ba640c28f8a342bc102c2c0ead6f637c4ce39

        SHA512

        7e304e59442e927f321963ad1290e8ef9dcdb9caa8c5a4953026a336523e514d5bcd83bf848be0a4670019a31459125cf9769b788b8165dfddd2c6eba27745ff

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        404B

        MD5

        2c0a3d8d202bc2e7fb6d580f2635167d

        SHA1

        846c474d8703cb2c83827bf15b083b2f0d324e53

        SHA256

        4ace88fe91426638db44a1a8656c480da5230507692ef080c797f2f4fa77fcb0

        SHA512

        b96fb9c313c3f105f6db5bc381dff9cb497c131f22e5311beb4f38f555c231ac368d1154b0aac8a958b3cebffa3106eb09e32a8c6c8bb3461417982cb419895f

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\opera_package
        Filesize

        86.7MB

        MD5

        038275aad393989e8c0b6634da083fc7

        SHA1

        65b4ebd22a289935b71d41077a06eeda11eed154

        SHA256

        ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

        SHA512

        2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        Filesize

        602B

        MD5

        30b6e86e55256bd88ccc4529e4a8061b

        SHA1

        8d536bf0cf1606e78d6c11941c9123b593b810eb

        SHA256

        63fe8e21b322ad0aa32e209c05646e3552e870c04a7c6426658e39b462da1053

        SHA512

        78dd9306c0e938acbc72ea5760413adbf4328d40b8f655598897546a96ba345f676ed2686228780e6f88bd345c49285bc741016855b6ea84ebde425a26d37267

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        7e94e601b120f6b907372bc49ddbc9be

        SHA1

        0a976207786b9b282891eded8d26e626876abe64

        SHA256

        dc36ed92569e7ac5400b96cb83a5acd8e9c413f1d9497fd4c4277669e290d59f

        SHA512

        772950f6cb03307c4a0a45313a5f6de6780f3d3ec09c2e3691565eb8d429c3b98979e8fb81f38cdc43ef9c935a3c12fcb845a5282353858b3177f02c1ac63d8a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\opera_package
        Filesize

        86.7MB

        MD5

        038275aad393989e8c0b6634da083fc7

        SHA1

        65b4ebd22a289935b71d41077a06eeda11eed154

        SHA256

        ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

        SHA512

        2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\opera_package
        Filesize

        86.7MB

        MD5

        038275aad393989e8c0b6634da083fc7

        SHA1

        65b4ebd22a289935b71d41077a06eeda11eed154

        SHA256

        ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

        SHA512

        2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302010149501\opera_package
        Filesize

        86.7MB

        MD5

        038275aad393989e8c0b6634da083fc7

        SHA1

        65b4ebd22a289935b71d41077a06eeda11eed154

        SHA256

        ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

        SHA512

        2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302010149481211724.dll
        Filesize

        4.3MB

        MD5

        832ae69091fba73338df9103db4f8be1

        SHA1

        d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

        SHA256

        191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

        SHA512

        b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302010149494781232.dll
        Filesize

        4.3MB

        MD5

        832ae69091fba73338df9103db4f8be1

        SHA1

        d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

        SHA256

        191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

        SHA512

        b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_230201014950742752.dll
        Filesize

        4.3MB

        MD5

        832ae69091fba73338df9103db4f8be1

        SHA1

        d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

        SHA256

        191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

        SHA512

        b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302010149517091344.dll
        Filesize

        4.3MB

        MD5

        832ae69091fba73338df9103db4f8be1

        SHA1

        d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

        SHA256

        191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

        SHA512

        b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_230201014954517968.dll
        Filesize

        4.3MB

        MD5

        832ae69091fba73338df9103db4f8be1

        SHA1

        d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

        SHA256

        191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

        SHA512

        b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
        Filesize

        1.7MB

        MD5

        1bbf5dd0b6ca80e4c7c77495c3f33083

        SHA1

        e0520037e60eb641ec04d1e814394c9da0a6a862

        SHA256

        bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

        SHA512

        97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
        Filesize

        97KB

        MD5

        da1d0cd400e0b6ad6415fd4d90f69666

        SHA1

        de9083d2902906cacf57259cf581b1466400b799

        SHA256

        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

        SHA512

        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        9c1ac0b2bcc0f920cbd20ce36137fb74

        SHA1

        5aab2e7cc3d124b95b668dcc39fc69fde5586e1d

        SHA256

        cc1ab6bb00b0301c431f8115ad1875c376baae3b029bc3ac877c8da1ab563d2d

        SHA512

        0005511223084912cce2408a5edfa59cb1dbd818b12a864c318d80663cbdee246ae27414b22c1d30370a08c1cad6b966c9e973b9259377ca3f0fae1d45da8d92

        Download Submit

      • memory/580-311-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/752-126-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/832-167-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/968-144-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/968-182-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1012-70-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1012-76-0x0000000002DD0000-0x0000000002DE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1012-73-0x00000000008C0000-0x0000000000CA8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1012-71-0x00000000005B0000-0x00000000005DC000-memory.dmp

        Filesize

        176KB

        Download

      • memory/1012-598-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1012-67-0x00000000008C0000-0x0000000000CA8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1036-65-0x0000000002D20000-0x0000000003108000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1036-72-0x0000000002D20000-0x0000000003108000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1036-66-0x0000000002D20000-0x0000000003108000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1036-54-0x0000000075E01000-0x0000000075E03000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1232-119-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1232-196-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1344-133-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1344-177-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1344-151-0x00000000027C0000-0x0000000002CC8000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1496-213-0x0000000002860000-0x0000000002870000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1564-115-0x0000000000B50000-0x0000000000F38000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1564-116-0x0000000002680000-0x0000000002690000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1564-100-0x0000000000B50000-0x0000000000F38000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1564-147-0x0000000002680000-0x0000000002690000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1724-192-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-150-0x0000000003720000-0x0000000003C28000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-132-0x0000000003720000-0x0000000003C28000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-117-0x0000000000400000-0x0000000000908000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-131-0x00000000033A0000-0x00000000038A8000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-148-0x0000000002820000-0x0000000002D28000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-149-0x00000000033A0000-0x00000000038A8000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1724-118-0x0000000002820000-0x0000000002D28000-memory.dmp

        Filesize

        5.0MB

        Download

      • memory/1968-98-0x00000000030C0000-0x00000000034A8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1968-99-0x00000000030C0000-0x00000000034A8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1968-95-0x00000000030C0000-0x00000000034A8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2072-472-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2092-495-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2116-590-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2128-634-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2192-364-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2244-374-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2340-408-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2520-675-0x0000000005630000-0x000000000563A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2520-679-0x0000000005630000-0x000000000563A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2520-678-0x0000000005630000-0x000000000563A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2520-674-0x0000000005630000-0x000000000563A000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2756-558-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2844-673-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2880-283-0x000007FEFC471000-0x000007FEFC473000-memory.dmp

        Filesize

        8KB

        Download