Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

TLauncher-....1.exe

windows7-x64

8

TLauncher-....1.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    01/02/2023, 17:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.86-Installer-1.0.1.exe

  • Size

    21.7MB

  • MD5

    f643be370cc9763a17f7746b1b6a0243

  • SHA1

    c65391f59a6e1421d783eaf43eb9661cfd476f82

  • SHA256

    5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

  • SHA512

    5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f

  • SSDEEP

    393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 43 IoCs
  • UPX packed file 42 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 7 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2024
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-3406023954-474543476-3319432036-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1976
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:1436
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-3406023954-474543476-3319432036-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1812
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1692
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x70d6e428,0x70d6e438,0x70d6e444
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1352
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1388
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1692 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230201184751" --session-guid=1e561cd2-8bc4-4f52-a57a-3d9ec8b19c0f --server-tracking-blob=Y2JjZDk0YWRmMTBhNTdiYzU4ZjgzNjY5YTE2YTVmNTUxMGRhYWEyNWRkYjA5MDVlNWY3MDE5NTJiMjlhMmVhODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyNzM2NjcuMTg5MyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMGEzMTg0MDMtNDQyOS00ZDYzLTg4ODktN2VmZjE5ZTAwZmZmIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=3C03000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1056
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x7027e428,0x7027e438,0x7027e444
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:2004
              • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe" --backend --initial-pid=1692 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511" --session-guid=1e561cd2-8bc4-4f52-a57a-3d9ec8b19c0f --server-tracking-blob=Y2JjZDk0YWRmMTBhNTdiYzU4ZjgzNjY5YTE2YTVmNTUxMGRhYWEyNWRkYjA5MDVlNWY3MDE5NTJiMjlhMmVhODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzUyNzM2NjcuMTg5MyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMGEzMTg0MDMtNDQyOS00ZDYzLTg4ODktN2VmZjE5ZTAwZmZmIn0= --silent --desktopshortcut=1 --install-subfolder=95.0.4635.25
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:1436
                • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef5faa908,0x7fef5faa918,0x7fef5faa928
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:984
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:920
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:692
                    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feee321a18,0x7feee321a28,0x7feee321a38
                      10⤵
                      • Executes dropped EXE
                      PID:1964
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1208,i,17265171488291090457,17365647623059031030,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2196
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1364 --field-trial-handle=1208,i,17265171488291090457,17365647623059031030,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2320
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:748
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1968
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xb82dc0,0xb82dd0,0xb82ddc
                7⤵
                • Executes dropped EXE
                PID:1492
  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
    1⤵
    • Executes dropped EXE
    • Checks computer location settings
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2448
    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0xd551a18,0xd551a28,0xd551a38
      2⤵
      • Executes dropped EXE
      PID:2484
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1076 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:2624
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1444 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2728
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1528 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2764
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2068 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2984
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2092 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:896
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2080 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:3068
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2116 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:572
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2104 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2260
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2128 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2436
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2176 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2404
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2192 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2492
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3100 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:3032
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3124 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:1716
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3156 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:1616
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=3164 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      PID:2248
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=2176 --field-trial-handle=1160,i,9808024521469403303,3925142569687785288,131072 /prefetch:1
      2⤵
        PID:2644
      • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
        2⤵
        • Executes dropped EXE
        PID:1064
        • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fa7cbd8,0x13fa7cbe8,0x13fa7cbf8
          3⤵
          • Executes dropped EXE
          PID:2188
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {A1D7D55F-5766-4506-B11B-ABFEC2DA1A12} S-1-5-21-3406023954-474543476-3319432036-1000:VUIIVLGQ\Admin:Interactive:[1]
      1⤵
        PID:2212
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.25 --newautoupdaterlogic
          2⤵
          • Executes dropped EXE
          PID:2272
          • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
            3⤵
            • Executes dropped EXE
            PID:2064
          • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
            3⤵
            • Executes dropped EXE
            PID:2396
            • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
              C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fa7cbd8,0x13fa7cbe8,0x13fa7cbf8
              4⤵
              • Executes dropped EXE
              PID:1828
            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
              4⤵
              • Executes dropped EXE
              PID:2472

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        471B

        MD5

        9cbb254ca8da5a4099c66d7dce2d69de

        SHA1

        3f328e1410c5c4ea2fa2b387dbef7c6479ea258c

        SHA256

        f6cad04bfeb909acd5c89c6137fd33b267fa2e021553b3515c82e9d7cfb3fc58

        SHA512

        93fe3387c563d18ea2f9cb96f1d868d1d5a26c0490126242279a6f39a2df53311fc9806ee14b4b0301195a17dd75abc318695aa0a328330820e8fc20b6fed4a4

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        b2132bf969986037d40a560e70747382

        SHA1

        f6af3edf31176a4ba75c5875545325d8c16de92a

        SHA256

        c2dd929da3c5ce4c40c08d8fb293534dbf2464a119eaaeae81cb5d51cb8d4636

        SHA512

        f4983861f5e9562c6f6ce047a06b402d2278b03e2638a19c267e0ebd7295b115295314a014ec791d9096ae700a964ff6d285678de87c15e031a95f2655fb7f71

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        404B

        MD5

        6abc08770feb1b62a2caace364688f10

        SHA1

        0da6b70f2b6127dc2e676410038f34c337db5851

        SHA256

        637f73225816aec3345f41156ebe111ec12a44c1b1335d24b0f59ef490e79d52

        SHA512

        f69b6ca9922404dda3b288963130f9d001f42bc9be88e7dafe94637413e39b9dd8120389aacc946ecacbb16fcbf44f1e13cc3be32c433cae9d33fc77ab01be21

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        Filesize

        601B

        MD5

        533163d6431b8e76d89ff95d1330f4ac

        SHA1

        12f2fe1c228d7f67f794b54541f9aef0c6d3f060

        SHA256

        fb86fdd70ca7a1318d8813400135b0c6c319e9baba3c740f46c25e05bb00ff70

        SHA512

        c18db6c77c5b859c1a0c4972c250b93ca7c6b8cdd285e196407b3a1b07be3e50d20f10def2005c473ba52d593994df183431891914a203f5797772e61facc6c7

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        10c3fe29de6a28164e9a5c7e8b5a0c59

        SHA1

        789ff45e3e2e1a4d6a2fd275fbb6a4985e3d0439

        SHA256

        954f6ba1fa5f2f1dfa27f4d78f1643afe8580b39146e13fb64693e4a3d12f152

        SHA512

        3e63db10b1c29c7ada674e3af6411a4152ad00bd2c34ffaa6f40f7986c980eb3b4891f0a009c8779a6c1282689fce38fb9e47657ea0ded4f85cc27a1e85ca268

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        10c3fe29de6a28164e9a5c7e8b5a0c59

        SHA1

        789ff45e3e2e1a4d6a2fd275fbb6a4985e3d0439

        SHA256

        954f6ba1fa5f2f1dfa27f4d78f1643afe8580b39146e13fb64693e4a3d12f152

        SHA512

        3e63db10b1c29c7ada674e3af6411a4152ad00bd2c34ffaa6f40f7986c980eb3b4891f0a009c8779a6c1282689fce38fb9e47657ea0ded4f85cc27a1e85ca268

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\opera_package
        Filesize

        86.8MB

        MD5

        7f98c2aa3a2b1a46caf94752d2e73907

        SHA1

        105b7b96c23d403008f603a1e3cc4c7162884fe3

        SHA256

        8f85c61fe1ca76f4c8e2dcb5f51758de73c85d25817cfab70540fa193d3ee417

        SHA512

        57f46f5af493f73472f7c664f12156cf8e18126a3f91e4c313d1ec185c78dad9301e09db38396cf811ada24eecd01b4b705384ca61da5f640c7ad38f3860b1e0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302011847511\opera_package
        Filesize

        86.8MB

        MD5

        7f98c2aa3a2b1a46caf94752d2e73907

        SHA1

        105b7b96c23d403008f603a1e3cc4c7162884fe3

        SHA256

        8f85c61fe1ca76f4c8e2dcb5f51758de73c85d25817cfab70540fa193d3ee417

        SHA512

        57f46f5af493f73472f7c664f12156cf8e18126a3f91e4c313d1ec185c78dad9301e09db38396cf811ada24eecd01b4b705384ca61da5f640c7ad38f3860b1e0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011847488751692.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011847500761352.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011847512461388.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011847529941056.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302011847534622004.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        f8996d2158a69a12b4bc99edd28100bc

        SHA1

        892887691df881fe432e09b618e90f50447340e6

        SHA256

        866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

        SHA512

        d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
        Filesize

        1.7MB

        MD5

        1bbf5dd0b6ca80e4c7c77495c3f33083

        SHA1

        e0520037e60eb641ec04d1e814394c9da0a6a862

        SHA256

        bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

        SHA512

        97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
        Filesize

        97KB

        MD5

        da1d0cd400e0b6ad6415fd4d90f69666

        SHA1

        de9083d2902906cacf57259cf581b1466400b799

        SHA256

        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

        SHA512

        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        1313bb5df6c6e0d5c358735044fbebef

        SHA1

        cac3e2e3ed63dc147318e18f202a9da849830a91

        SHA256

        7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

        SHA512

        596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e7bbc7b426cee4b8027a00b11f06ef34

        SHA1

        926fad387ede328d3cfd9da80d0b303a865cca98

        SHA256

        e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

        SHA512

        f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        a9c1ddca7e1328048e1c690c4296a5a2

        SHA1

        f510cb03923961dcf68e953994b5ee26380af1fd

        SHA256

        57255825f783fea3d0c8370755eb7ed5ed56b76a7bf876a19b83bc68333c68c1

        SHA512

        00e87d6339b11ac64d199f21395f934b5488113eb06af20bf018047c4b542ca836d3a27f3acd7c8ed1bca08d0e4be39af86e43cd7856d501ce51e9bb75f3e487

        Download Submit

      • memory/692-204-0x0000000002630000-0x0000000002640000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1056-178-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1056-147-0x00000000029F0000-0x0000000002F37000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1056-146-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1352-135-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1352-203-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1388-128-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1436-98-0x0000000002CD0000-0x00000000030B8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1436-97-0x0000000002CD0000-0x00000000030B8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1436-99-0x0000000002CD0000-0x00000000030B8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1436-169-0x000007FEFB7B1000-0x000007FEFB7B3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1692-118-0x00000000028E0000-0x0000000002E27000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1692-131-0x0000000003410000-0x0000000003957000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1692-132-0x0000000003910000-0x0000000003E57000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1692-199-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1692-113-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1692-150-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1812-122-0x00000000001F0000-0x00000000005D8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1812-108-0x0000000002360000-0x0000000002370000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1812-112-0x0000000005740000-0x0000000005C87000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1812-111-0x0000000005740000-0x0000000005C87000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1812-110-0x0000000005740000-0x0000000005C87000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1812-100-0x00000000001F0000-0x00000000005D8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1976-149-0x0000000003100000-0x0000000003110000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1976-79-0x0000000003100000-0x0000000003110000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1976-70-0x00000000003F0000-0x000000000041C000-memory.dmp

        Filesize

        176KB

        Download

      • memory/1976-566-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1976-69-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1976-73-0x00000000003F0000-0x000000000041C000-memory.dmp

        Filesize

        176KB

        Download

      • memory/1976-66-0x0000000001380000-0x0000000001768000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1976-72-0x0000000001380000-0x0000000001768000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2004-148-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/2004-192-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/2024-54-0x00000000760C1000-0x00000000760C3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2024-64-0x0000000002EB0000-0x0000000003298000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2024-71-0x0000000002EB0000-0x0000000003298000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2448-205-0x0000000001FC0000-0x0000000002FC0000-memory.dmp

        Filesize

        16.0MB

        Download