Overview

overview

8

Static

static

1

TLauncher-...al.exe

windows7-x64

8

TLauncher-...al.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    150s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20221111-en
  • resource tags

    arch:x64arch:x86image:win7-20221111-enlocale:en-usos:windows7-x64system
  • submitted
    04-02-2023 16:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.871-Installer-1.0.6-global.exe

  • Size

    23.6MB

  • MD5

    7a4472a78d0651e11d20aa08e43cc045

  • SHA1

    aab1d5f80d7399ae2c1982201733be7681d100b1

  • SHA256

    318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

  • SHA512

    c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681

  • SSDEEP

    393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 38 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 42 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 9 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 30 IoCs
  • Suspicious use of SetWindowsHookEx 10 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:1248
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-1214520366-621468234-4062160515-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:108
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:524
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-1214520366-621468234-4062160515-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:964
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1672
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x70e1e428,0x70e1e438,0x70e1e444
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1760
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1224
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1672 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230204174804" --session-guid=5792801a-5444-4d6d-9a77-754257dff9fa --server-tracking-blob=MzQ2NjM4NzAyZDFlYjgzMjZjMTY3ZDcxNzRiZjIyOGZkMTVhM2UzZDA2NDE0MDZmYmE2MjI3OWUxNjk2NzFhYTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzU1MjkyODAuMDM5MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZGQ5ZTNiMDQtZGI1OC00MmY5LWEzNzAtNDY3M2JhZjA1NDYyIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0C03000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1212
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x7032e428,0x7032e438,0x7032e444
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1404
              • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe" --backend --initial-pid=1672 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041" --session-guid=5792801a-5444-4d6d-9a77-754257dff9fa --server-tracking-blob=MzQ2NjM4NzAyZDFlYjgzMjZjMTY3ZDcxNzRiZjIyOGZkMTVhM2UzZDA2NDE0MDZmYmE2MjI3OWUxNjk2NzFhYTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzU1MjkyODAuMDM5MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZGQ5ZTNiMDQtZGI1OC00MmY5LWEzNzAtNDY3M2JhZjA1NDYyIn0= --silent --desktopshortcut=1 --install-subfolder=95.0.4635.25
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:1316
                • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef5eca908,0x7fef5eca918,0x7fef5eca928
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1364
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1712
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1064
                    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feee901a18,0x7feee901a28,0x7feee901a38
                      10⤵
                      • Executes dropped EXE
                      PID:852
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1164 --field-trial-handle=1192,i,3190645171143376095,16077605952465926591,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      PID:2164
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1376 --field-trial-handle=1192,i,3190645171143376095,16077605952465926591,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2308
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:1136
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1700
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x1472dc0,0x1472dd0,0x1472ddc
                7⤵
                • Executes dropped EXE
                PID:1504
      • C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
        "C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
        3⤵
        • Executes dropped EXE
        PID:768
        • C:\Users\Admin\AppData\Local\Temp\jds7217277.tmp\jre-windows.exe
          "C:\Users\Admin\AppData\Local\Temp\jds7217277.tmp\jre-windows.exe" "STATIC=1"
          4⤵
          • Executes dropped EXE
          • Modifies Internet Explorer settings
          • Suspicious use of SetWindowsHookEx
          PID:2508
  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2484
    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feee901a18,0x7feee901a28,0x7feee901a38
      2⤵
      • Executes dropped EXE
      PID:2500
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=980 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:2648
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1356 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2752
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1588 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2788
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2020 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2988
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2036 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:3068
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2052 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2184
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2088 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:1364
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2104 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:1728
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2120 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:1684
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2152 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2332
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2168 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2128
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3080 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2848
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3088 --field-trial-handle=1136,i,6468461821144563258,7306665587361721373,131072 /prefetch:1
      2⤵
        PID:888
      • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
        2⤵
        • Executes dropped EXE
        PID:2276
        • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.25\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fb6cbd8,0x13fb6cbe8,0x13fb6cbf8
          3⤵
          • Executes dropped EXE
          PID:544
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {CB6A8BE9-BDAF-4329-958F-FF94D7E50275} S-1-5-21-1214520366-621468234-4062160515-1000:VDWSWJJD\Admin:Interactive:[1]
      1⤵
        PID:904
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.25 --newautoupdaterlogic
          2⤵
          • Executes dropped EXE
          PID:2264
          • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
            3⤵
            • Executes dropped EXE
            PID:2860

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        471B

        MD5

        570a1c546824166fb3c177c773629737

        SHA1

        db8cd214efba988d4e32bb8115ad4b7aae2c14e7

        SHA256

        12fb880a046d91c209588ed155147d84958042a4ab20b2c84dcd31891ac6a840

        SHA512

        f8e2c755bfd47f01d938af797a72b7f6998f2bb9d3ea87e894dc3e7d52126efeb9e8ee2bb803d12cb64ee5c6d8faabc37f1ef390551f5fde2f16afddaea3bab8

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        342B

        MD5

        9b93a86dc5fe83716a26ccb70629c431

        SHA1

        330d15d455afe0effb9f852e70e4b945929a4059

        SHA256

        3df3bfbf5c316b939f1e27e12c059c0942a29bd09a777c5843bc114146d29b9b

        SHA512

        96525e29defc07f2c7303ceb1e1b9e27974e9fd50d7aff87bc34d79a9f257fe114b22213e39c01123e137a1f60b687dd9daf1a1ea736816d0a3d8776eccd4cd5

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        404B

        MD5

        901b4e234127280b93521708f08cc326

        SHA1

        13d1b176c1ef7b2f9a6bbe2b23a3b14b4be8548c

        SHA256

        58148ce7452ac4b43986b35d8645b103878b1b5e9bf4d1ccfb6a1a8c12883dac

        SHA512

        884d29054b11310c1cd1e9672b109070cd2ae88c3cf04565311cb1ff3e324badd0aee196c04cc19de08dfdbdb6c1bd9a398b009793bdbb693fe671fc1a6493da

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        Filesize

        602B

        MD5

        74eb5a9755dece40038fee483f53914d

        SHA1

        1338997feaa4fa4410be06040fc626e0bbfba8b5

        SHA256

        07813228764d1ddd0e5ea26de2fb3a5752859d7c7a8791baf53c2159f61345e0

        SHA512

        bc9af8865e506078e48ab7d473196d00a72d7fd2874162ebc1b3bbd8d54d7630cc9231f6b4b298408aac079283f99b05b8c26fba939e034455e1cb5f5024f767

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        c2dfb12732d32867f161624183b73e8d

        SHA1

        56fe53c1d1177e34d747b68721030a457e563246

        SHA256

        5ec22d030301d51a7580d0a3458ef5a1b3396edbe2f805a68525a2a2e9287ed5

        SHA512

        9b825100b0aaf4e11649ab0d6af5a580eb0f7f647660711ebabe1d932579b5247caf5f75c3f768c192d242df42ae69b7221afc9c9113131f318cd61bf889c5a7

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        c2dfb12732d32867f161624183b73e8d

        SHA1

        56fe53c1d1177e34d747b68721030a457e563246

        SHA256

        5ec22d030301d51a7580d0a3458ef5a1b3396edbe2f805a68525a2a2e9287ed5

        SHA512

        9b825100b0aaf4e11649ab0d6af5a580eb0f7f647660711ebabe1d932579b5247caf5f75c3f768c192d242df42ae69b7221afc9c9113131f318cd61bf889c5a7

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\opera_package
        Filesize

        86.8MB

        MD5

        7f98c2aa3a2b1a46caf94752d2e73907

        SHA1

        105b7b96c23d403008f603a1e3cc4c7162884fe3

        SHA256

        8f85c61fe1ca76f4c8e2dcb5f51758de73c85d25817cfab70540fa193d3ee417

        SHA512

        57f46f5af493f73472f7c664f12156cf8e18126a3f91e4c313d1ec185c78dad9301e09db38396cf811ada24eecd01b4b705384ca61da5f640c7ad38f3860b1e0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302041748041\opera_package
        Filesize

        86.8MB

        MD5

        7f98c2aa3a2b1a46caf94752d2e73907

        SHA1

        105b7b96c23d403008f603a1e3cc4c7162884fe3

        SHA256

        8f85c61fe1ca76f4c8e2dcb5f51758de73c85d25817cfab70540fa193d3ee417

        SHA512

        57f46f5af493f73472f7c664f12156cf8e18126a3f91e4c313d1ec185c78dad9301e09db38396cf811ada24eecd01b4b705384ca61da5f640c7ad38f3860b1e0

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302041748002411672.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302041748017701760.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302041748041411224.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302041748057641212.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302041748074951404.dll
        Filesize

        4.6MB

        MD5

        914ec7fb3d69e977440248ef30323636

        SHA1

        2aa31e599769f34d0cb6e979947ca5728db9b009

        SHA256

        528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203

        SHA512

        ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
        Filesize

        1.7MB

        MD5

        1bbf5dd0b6ca80e4c7c77495c3f33083

        SHA1

        e0520037e60eb641ec04d1e814394c9da0a6a862

        SHA256

        bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

        SHA512

        97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
        Filesize

        97KB

        MD5

        da1d0cd400e0b6ad6415fd4d90f69666

        SHA1

        de9083d2902906cacf57259cf581b1466400b799

        SHA256

        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

        SHA512

        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        7e08af319c9eb3297e09ca7bb8387de4

        SHA1

        4cf091f77a3eb9437ef33985e64bd10c1257284f

        SHA256

        6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

        SHA512

        bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        8bdefc23d4a46eba2f71c82a7b1742be

        SHA1

        ddfcf805c19506de76c0e7de7219c8fa93fb3aaa

        SHA256

        7ebe7c0d0b45cf8be76c0b996e96e9574dc31fe13c25745af1ad64a554a24927

        SHA512

        28f45ac57256ba98cccebef606dcb4566a81b0ed2f59cdb680c9bdfc3214c60844073217ceb27e81f171b785c54f393059ccd32c15366bd555725611f5c4c39a

        Download Submit

      • memory/108-144-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/108-445-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/108-67-0x0000000000FD0000-0x00000000013B8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/108-72-0x0000000000FD0000-0x00000000013B8000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/108-80-0x0000000002DE0000-0x0000000002DF0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/108-71-0x0000000000890000-0x0000000000893000-memory.dmp

        Filesize

        12KB

        Download

      • memory/108-70-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/524-94-0x0000000002C30000-0x0000000003018000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/524-97-0x0000000002C30000-0x0000000003018000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/524-98-0x0000000002C30000-0x0000000003018000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/964-109-0x0000000001280000-0x0000000001668000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/964-108-0x0000000000C70000-0x0000000000C80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/964-145-0x0000000000C70000-0x0000000000C80000-memory.dmp

        Filesize

        64KB

        Download

      • memory/964-99-0x0000000001280000-0x0000000001668000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1064-203-0x0000000002070000-0x0000000002080000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1212-134-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1212-186-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1212-141-0x0000000002900000-0x0000000002E47000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1224-125-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1248-54-0x0000000075831000-0x0000000075833000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1248-63-0x0000000002E40000-0x0000000003228000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1248-61-0x0000000002E40000-0x0000000003228000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1316-168-0x000007FEFB741000-0x000007FEFB743000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1404-142-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1404-190-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-110-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-149-0x00000000037B0000-0x0000000003CF7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-133-0x00000000037B0000-0x0000000003CF7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-148-0x0000000003470000-0x00000000039B7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-147-0x00000000029D0000-0x0000000002F17000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-146-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-195-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1672-118-0x00000000029D0000-0x0000000002F17000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1760-202-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1760-119-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download