Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

TLauncher-....6.exe

windows7-x64

8

TLauncher-....6.exe

windows10-2004-x64

8

Resubmissions

01/02/2023, 12:59

230201-p74mqadc34 8

Analysis

  • max time kernel
    211s
  • max time network
    215s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2023, 12:59

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.871-Installer-1.0.6.exe

  • Size

    23.7MB

  • MD5

    49fb0f13cdb8d7cad1487889b6becced

  • SHA1

    b71d98ec45e6f7314f0e33106485beef99b2ee7c

  • SHA256

    7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

  • SHA512

    639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9

  • SSDEEP

    393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 38 IoCs
  • UPX packed file 41 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 8 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:916
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1212
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1332
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2292972927-2705560509-2768824231-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1108
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1788
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x710a8658,0x710a8668,0x710a8674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:2044
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:636
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1788 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230201140040" --session-guid=280e0ab8-859a-463e-a455-a9410b76532b --server-tracking-blob=ZGIyMjFkOTk5Mjk2Y2Q0YmY0ODI0YzhkYTEzZjA2NWRiMjZhZWU4MGE1NDZmNmE0YTUyN2NhYzIxNjYwYzBjODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyNTY0MzYuNDExMiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMjAxOTU5ZjMtZDYyMy00Y2E4LWJjOGItNWM3NDUxZmM3ZDA1In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C03000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1112
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70688658,0x70688668,0x70688674
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1616
              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe" --backend --initial-pid=1788 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401" --session-guid=280e0ab8-859a-463e-a455-a9410b76532b --server-tracking-blob=ZGIyMjFkOTk5Mjk2Y2Q0YmY0ODI0YzhkYTEzZjA2NWRiMjZhZWU4MGE1NDZmNmE0YTUyN2NhYzIxNjYwYzBjODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyNTY0MzYuNDExMiIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMjAxOTU5ZjMtZDYyMy00Y2E4LWJjOGItNWM3NDUxZmM3ZDA1In0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.76
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:968
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef4102c98,0x7fef4102ca8,0x7fef4102cb8
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:880
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:2060
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:2096
                    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feee3fc490,0x7feee3fc4a0,0x7feee3fc4b0
                      10⤵
                      • Executes dropped EXE
                      PID:2112
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1208,i,477918731880992010,2513386317185463305,131072 /prefetch:2
                      10⤵
                        PID:2312
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\_sfx.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\_sfx.exe"
                6⤵
                • Executes dropped EXE
                PID:600
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe" --version
                6⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:272
                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xed2dc0,0xed2dd0,0xed2ddc
                  7⤵
                  • Executes dropped EXE
                  PID:1696
        • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
          "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
          3⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1208
          • C:\Users\Admin\AppData\Local\Temp\jds7165671.tmp\jre-windows.exe
            "C:\Users\Admin\AppData\Local\Temp\jds7165671.tmp\jre-windows.exe" "STATIC=1"
            4⤵
            • Executes dropped EXE
            • Modifies Internet Explorer settings
            • Suspicious use of SetWindowsHookEx
            PID:1184
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
      1⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Adds Run key to start application
      • Checks processor information in registry
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of AdjustPrivilegeToken
      PID:2424
      • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feee3fc490,0x7feee3fc4a0,0x7feee3fc4b0
        2⤵
        • Executes dropped EXE
        PID:2440
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:2
        2⤵
        • Executes dropped EXE
        PID:2592
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1360 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2772
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1444 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2784
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1852 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2988
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1864 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:2080
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1876 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:1116
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1888 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:436
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1900 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:876
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1912 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:8
        2⤵
        • Executes dropped EXE
        PID:3004
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=1924 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        PID:908
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=1940 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        PID:1628
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2024 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:1
        2⤵
        • Executes dropped EXE
        • Checks computer location settings
        PID:2908
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2028 --field-trial-handle=1292,i,18262231843389068887,17114262620444446040,131072 /prefetch:1
        2⤵
          PID:1584
        • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
          2⤵
          • Executes dropped EXE
          PID:1016
          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14038ab38,0x14038ab48,0x14038ab58
            3⤵
            • Executes dropped EXE
            PID:1788
        • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
          2⤵
          • Executes dropped EXE
          PID:3044
          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13f85ab38,0x13f85ab48,0x13f85ab58
            3⤵
            • Executes dropped EXE
            PID:2220
          • C:\Users\Admin\AppData\Local\Temp\.opera\installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\installer.exe" --version
            3⤵
            • Executes dropped EXE
            PID:2808
      • C:\Windows\system32\taskeng.exe
        taskeng.exe {55852BEF-6645-455E-8A76-8AC5F19BD1BA} S-1-5-21-2292972927-2705560509-2768824231-1000:GRXNNIIE\Admin:Interactive:[1]
        1⤵
          PID:2692
          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.76 --newautoupdaterlogic
            2⤵
            • Executes dropped EXE
            PID:2976
            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
              3⤵
                PID:2380

          Network

          MITRE ATT&CK Enterprise v6

          Replay Monitor

          Loading Replay Monitor...

          Downloads

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
            Filesize

            61KB

            MD5

            fc4666cbca561e864e7fdf883a9e6661

            SHA1

            2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5

            SHA256

            10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b

            SHA512

            c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
            Filesize

            471B

            MD5

            9cbb254ca8da5a4099c66d7dce2d69de

            SHA1

            3f328e1410c5c4ea2fa2b387dbef7c6479ea258c

            SHA256

            f6cad04bfeb909acd5c89c6137fd33b267fa2e021553b3515c82e9d7cfb3fc58

            SHA512

            93fe3387c563d18ea2f9cb96f1d868d1d5a26c0490126242279a6f39a2df53311fc9806ee14b4b0301195a17dd75abc318695aa0a328330820e8fc20b6fed4a4

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            340B

            MD5

            75ba38d9c82b587ba6dddd068f31a89c

            SHA1

            bf45c49c544ad792fe0f39c263693f6049145c66

            SHA256

            3f70ce7e64349cec3f4f603cf9ba7486266380a30632d151f8df3826424ccfdd

            SHA512

            f0e32c442deed3cde0d8f7348066b31d65882a0c620450c0e7b91a23ee9de67a6392e28cd6a1beb1e8f4b9d3ae30583ca0a6725b385ccfcba1d436694edabb75

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
            Filesize

            342B

            MD5

            571cc3f044b12c765105f7f1298a030c

            SHA1

            d4d2ffe59e981cf98977061755f2dda53a6fbfc4

            SHA256

            496412f439bfe17408edc0d051e6844803e6ccf533ef1f6398531fd979819f35

            SHA512

            7512ece48d256fcdb9019f2984a15a5bc9b09f8c796a4e0dd45b1b1f32f34985a2d7842739cadd0042cdab2aee011e9cd6729726d6b3cba214a749a0d3bc929d

            Download Submit

          • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
            Filesize

            404B

            MD5

            4c3d9cef9a30c12f6f296285defde59e

            SHA1

            135a2bfe17084654cc0abbbcfbb6173823ff5ee5

            SHA256

            93bcf52ae276dc2704ec117eb185961a3effb1a7b258c8cbdf4982cc36b16d21

            SHA512

            dace73e2f60468f87338b703f38cb3cc5cc9bdc915e4b71782cf39575f0513816ca59c781ce44babfccf0ba5b7f8bad0d2189ced04409333fda9a86aab05a7dc

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\_sfx.exe
            Filesize

            1.7MB

            MD5

            0238df215bf6943892daf85de8ad433a

            SHA1

            3d905e4e2c0e9170df61b7a199321847691f945e

            SHA256

            a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

            SHA512

            fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\_sfx.exe
            Filesize

            1.7MB

            MD5

            0238df215bf6943892daf85de8ad433a

            SHA1

            3d905e4e2c0e9170df61b7a199321847691f945e

            SHA256

            a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

            SHA512

            fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
            Filesize

            2.1MB

            MD5

            9df6e2fbb7e38964f35016bf91ef7424

            SHA1

            d0c1266dc46814bc6165cf6a69e90581228989a7

            SHA256

            3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

            SHA512

            b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
            Filesize

            2.1MB

            MD5

            9df6e2fbb7e38964f35016bf91ef7424

            SHA1

            d0c1266dc46814bc6165cf6a69e90581228989a7

            SHA256

            3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

            SHA512

            b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
            Filesize

            2.1MB

            MD5

            9df6e2fbb7e38964f35016bf91ef7424

            SHA1

            d0c1266dc46814bc6165cf6a69e90581228989a7

            SHA256

            3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

            SHA512

            b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
            Filesize

            326KB

            MD5

            80d93d38badecdd2b134fe4699721223

            SHA1

            e829e58091bae93bc64e0c6f9f0bac999cfda23d

            SHA256

            c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

            SHA512

            9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
            Filesize

            326KB

            MD5

            80d93d38badecdd2b134fe4699721223

            SHA1

            e829e58091bae93bc64e0c6f9f0bac999cfda23d

            SHA256

            c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

            SHA512

            9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
            Filesize

            602B

            MD5

            74791b1340beefa4b3ed3a4fc4442ff3

            SHA1

            5b07e38767950d31732f2e0fbed01723008dc137

            SHA256

            d1a1d15ffe7df7546def3525a612c17758222166c1cde3b7dce3df422a5c4178

            SHA512

            70fe75b8e0e7127a249248ebf221c6b575328d211e2a86b92a94ddd5159dddbf733c627d2da37f5ef0714ec924e548746eb1827f15995e5f5ed3a43ff750fdf5

            Download Submit

          • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
            Filesize

            40B

            MD5

            a8a7e96f827680f8335dc12a1b4711ed

            SHA1

            bfd755b77aa9ecff9b1ffc16c30500096dd58710

            SHA256

            996c24d48c4ba262e286a33da557510399d22fafa64baed430604ca91b9a7e0d

            SHA512

            9b204df1b906a0c9162ee5636ae70653f4bf5b899682caaa26f7e8c9d7fd87f08c3069b4beeabac9c0f1f53cbb159cf1a12d00b00163b1ceb1827be02011451e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\_sfx.exe
            Filesize

            1.7MB

            MD5

            0238df215bf6943892daf85de8ad433a

            SHA1

            3d905e4e2c0e9170df61b7a199321847691f945e

            SHA256

            a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

            SHA512

            fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
            Filesize

            2.1MB

            MD5

            9df6e2fbb7e38964f35016bf91ef7424

            SHA1

            d0c1266dc46814bc6165cf6a69e90581228989a7

            SHA256

            3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

            SHA512

            b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\assistant\assistant_installer.exe
            Filesize

            2.1MB

            MD5

            9df6e2fbb7e38964f35016bf91ef7424

            SHA1

            d0c1266dc46814bc6165cf6a69e90581228989a7

            SHA256

            3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

            SHA512

            b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\opera_package
            Filesize

            86.7MB

            MD5

            038275aad393989e8c0b6634da083fc7

            SHA1

            65b4ebd22a289935b71d41077a06eeda11eed154

            SHA256

            ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

            SHA512

            2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

            Download Submit

          • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011400401\opera_package
            Filesize

            86.7MB

            MD5

            038275aad393989e8c0b6634da083fc7

            SHA1

            65b4ebd22a289935b71d41077a06eeda11eed154

            SHA256

            ac96d0fca59c713690e2dd0d899c90d0c27ad4784f8425656ae14aefdaca3d05

            SHA512

            2dd5bdfa1e500232ac0ac06030db3b73b3a5af2a8d9fa1601913deeb853ec99249387bc96f5efa25919fa3ef2bf1c512e21dd07b2baecccacfa90548cd21a4d8

            Download Submit

          • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011400368191788.dll
            Filesize

            4.3MB

            MD5

            832ae69091fba73338df9103db4f8be1

            SHA1

            d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

            SHA256

            191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

            SHA512

            b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

            Download Submit

          • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011400384102044.dll
            Filesize

            4.3MB

            MD5

            832ae69091fba73338df9103db4f8be1

            SHA1

            d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

            SHA256

            191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

            SHA512

            b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

            Download Submit

          • \Users\Admin\AppData\Local\Temp\Opera_installer_230201140040781636.dll
            Filesize

            4.3MB

            MD5

            832ae69091fba73338df9103db4f8be1

            SHA1

            d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

            SHA256

            191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

            SHA512

            b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

            Download Submit

          • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011400415451112.dll
            Filesize

            4.3MB

            MD5

            832ae69091fba73338df9103db4f8be1

            SHA1

            d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

            SHA256

            191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

            SHA512

            b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

            Download Submit

          • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011400420291616.dll
            Filesize

            4.3MB

            MD5

            832ae69091fba73338df9103db4f8be1

            SHA1

            d386710f4a8b5cfcf0ef2e0acc73f4dd883094b7

            SHA256

            191b3d16fa277b5dcbaa342ccafaea28c3ad25ddc1f9fa6ab2f3e23d46931e47

            SHA512

            b14835a3ac8e0a1089ded8620b2664ef2f1c86392f979ea4ac4e53eca97e1fbf3327ad40e8ea496bd9d4be36490cd781a12987e500d09d8d023847b90c76c387

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
            Filesize

            1.8MB

            MD5

            aa4de04ccc16b74a4c2301da8d621ec1

            SHA1

            d05c6d8200f6e6b1283df82d24d687adc47d9664

            SHA256

            e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

            SHA512

            28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
            Filesize

            1.7MB

            MD5

            1bbf5dd0b6ca80e4c7c77495c3f33083

            SHA1

            e0520037e60eb641ec04d1e814394c9da0a6a862

            SHA256

            bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

            SHA512

            97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
            Filesize

            97KB

            MD5

            da1d0cd400e0b6ad6415fd4d90f69666

            SHA1

            de9083d2902906cacf57259cf581b1466400b799

            SHA256

            7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

            SHA512

            f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
            Filesize

            1.3MB

            MD5

            ec4efe0ebb80b619737bd26180cc76cc

            SHA1

            7fd72c0eb6bee289e4b2714cf1fb8c197754811b

            SHA256

            b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

            SHA512

            384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
            Filesize

            326KB

            MD5

            80d93d38badecdd2b134fe4699721223

            SHA1

            e829e58091bae93bc64e0c6f9f0bac999cfda23d

            SHA256

            c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

            SHA512

            9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
            Filesize

            1.3MB

            MD5

            e801c5847f5f9d207db53aaaf5c6f3a2

            SHA1

            8e6818ce66555e2cca92e5c5f32551fb4a91645e

            SHA256

            196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

            SHA512

            303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

            Download Submit

          • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
            Filesize

            326KB

            MD5

            80d93d38badecdd2b134fe4699721223

            SHA1

            e829e58091bae93bc64e0c6f9f0bac999cfda23d

            SHA256

            c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

            SHA512

            9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            Filesize

            2.7MB

            MD5

            ebce91409246d0d473e87cce604b44a8

            SHA1

            84102aee566bba8a63cc915d082ac7b6d1497934

            SHA256

            9b4c9f2b5028d6afd2208d771e28650e84982c3f9a530a098f835357a2c820bd

            SHA512

            0852a750f9ecf55d72d966db2743265a494c002e45462ae1f7725512f005062d98ce32372d8baa6eeb12df707f0ce27c04a02454854f4d10b618d7217f4a6a03

            Download Submit

          • memory/436-383-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/636-125-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/876-414-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/916-54-0x0000000076091000-0x0000000076093000-memory.dmp

            Filesize

            8KB

            Download

          • memory/916-65-0x0000000002D50000-0x0000000003138000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/916-66-0x0000000002D50000-0x0000000003138000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1108-115-0x0000000001090000-0x0000000001478000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1108-99-0x0000000001090000-0x0000000001478000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1108-101-0x0000000000F70000-0x0000000000F80000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1112-141-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1112-142-0x0000000002850000-0x0000000002D58000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1112-179-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1116-352-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1184-167-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1212-81-0x0000000003040000-0x0000000003050000-memory.dmp

            Filesize

            64KB

            Download

          • memory/1212-71-0x0000000000720000-0x000000000074C000-memory.dmp

            Filesize

            176KB

            Download

          • memory/1212-544-0x0000000010000000-0x0000000010051000-memory.dmp

            Filesize

            324KB

            Download

          • memory/1212-72-0x00000000002D0000-0x00000000006B8000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1212-67-0x00000000002D0000-0x00000000006B8000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1212-70-0x0000000010000000-0x0000000010051000-memory.dmp

            Filesize

            324KB

            Download

          • memory/1332-96-0x0000000002E60000-0x0000000003248000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1332-97-0x0000000002E60000-0x0000000003248000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1332-98-0x0000000002E60000-0x0000000003248000-memory.dmp

            Filesize

            3.9MB

            Download

          • memory/1616-143-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1616-188-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1628-503-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/1788-128-0x0000000002FD0000-0x00000000034D8000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-155-0x0000000002FD0000-0x00000000034D8000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-154-0x00000000037A0000-0x0000000003CA8000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-146-0x0000000002920000-0x0000000002E28000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-189-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-117-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/1788-118-0x0000000002920000-0x0000000002E28000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/2044-119-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/2044-190-0x0000000000400000-0x0000000000908000-memory.dmp

            Filesize

            5.0MB

            Download

          • memory/2080-322-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2096-191-0x0000000002310000-0x0000000002320000-memory.dmp

            Filesize

            64KB

            Download

          • memory/2424-554-0x00000000051A0000-0x00000000051AA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2424-550-0x00000000051A0000-0x00000000051AA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2424-551-0x00000000051A0000-0x00000000051AA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2424-555-0x00000000051A0000-0x00000000051AA000-memory.dmp

            Filesize

            40KB

            Download

          • memory/2784-260-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2908-537-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download

          • memory/2988-288-0x000007FEFBCA1000-0x000007FEFBCA3000-memory.dmp

            Filesize

            8KB

            Download