Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

TLauncher-....6.exe

windows7-x64

8

TLauncher-....6.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    151s
  • max time network
    153s
  • platform
    windows7_x64
  • resource
    win7-20220901-en
  • resource tags

    arch:x64arch:x86image:win7-20220901-enlocale:en-usos:windows7-x64system
  • submitted
    10/02/2023, 23:46

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.871-Installer-1.0.6.exe

  • Size

    23.7MB

  • MD5

    49fb0f13cdb8d7cad1487889b6becced

  • SHA1

    b71d98ec45e6f7314f0e33106485beef99b2ee7c

  • SHA256

    7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

  • SHA512

    639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9

  • SSDEEP

    393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 4 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 39 IoCs
  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • UPX packed file 41 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 4 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:2016
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-4063495947-34355257-727531523-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Modifies Internet Explorer settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:1680
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:2004
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-4063495947-34355257-727531523-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Modifies system certificate store
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1648
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:1552
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x719de428,0x719de438,0x719de444
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1572
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:1196
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1552 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230214011407" --session-guid=f9b4f331-032d-468a-a0c2-bc1aa48f5440 --server-tracking-blob=MmQxNTBmOTJjMTZkYTMxNjZhNGM3NzYzYTE3MzI4ODM1M2NlYmM4Y2Q4ZDEyMDc4MGRlOTg3MzBhNmUzODJkODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzYzMzcyNDUuODA4OSIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMjQwNGVjNTMtYTVlZC00MThiLTk4Y2EtNDcxMzgxOTNmMDA3In0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4003000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of WriteProcessMemory
              PID:1836
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70f5e428,0x70f5e438,0x70f5e444
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                PID:1668
              • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe" --backend --initial-pid=1552 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071" --session-guid=f9b4f331-032d-468a-a0c2-bc1aa48f5440 --server-tracking-blob=MmQxNTBmOTJjMTZkYTMxNjZhNGM3NzYzYTE3MzI4ODM1M2NlYmM4Y2Q4ZDEyMDc4MGRlOTg3MzBhNmUzODJkODp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzYzMzcyNDUuODA4OSIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMjQwNGVjNTMtYTVlZC00MThiLTk4Y2EtNDcxMzgxOTNmMDA3In0= --silent --desktopshortcut=1 --install-subfolder=95.0.4635.37
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                PID:1460
                • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7fef6aea908,0x7fef6aea918,0x7fef6aea928
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:1960
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:904
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    PID:1952
                    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeea53a18,0x7feeea53a28,0x7feeea53a38
                      10⤵
                      • Executes dropped EXE
                      PID:2032
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1056 --field-trial-handle=1116,i,3165133337847092539,1252595540311006537,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2200
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1372 --field-trial-handle=1116,i,3165133337847092539,1252595540311006537,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:2324
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              PID:1604
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:112
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xeb2dc0,0xeb2dd0,0xeb2ddc
                7⤵
                • Executes dropped EXE
                PID:1324
  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
    1⤵
    • Checks computer location settings
    • Executes dropped EXE
    • Adds Run key to start application
    • Drops file in Program Files directory
    • Checks processor information in registry
    • Enumerates system info in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:2344
    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feeea53a18,0x7feeea53a28,0x7feeea53a38
      2⤵
      • Executes dropped EXE
      PID:2412
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1028 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:2
      2⤵
      • Executes dropped EXE
      PID:2564
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=808 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2700
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1556 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2712
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1932 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2880
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1944 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2996
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1956 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2076
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1968 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:1204
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1980 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:1672
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1992 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:8
      2⤵
      • Executes dropped EXE
      PID:2316
    • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
      2⤵
      • Executes dropped EXE
      PID:2376
      • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fcdcbd8,0x13fcdcbe8,0x13fcdcbf8
        3⤵
        • Executes dropped EXE
        PID:1908
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=2044 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:2420
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=2064 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:3044
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=2796 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:1
      2⤵
      • Checks computer location settings
      • Executes dropped EXE
      PID:1712
    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=2804 --field-trial-handle=1348,i,13404416417303242538,1008711015508794613,131072 /prefetch:1
      2⤵
        PID:1912
    • C:\Windows\system32\taskeng.exe
      taskeng.exe {CF0D625F-41C7-4E96-B1F9-628F3DC5397A} S-1-5-21-4063495947-34355257-727531523-1000:RYNKSFQE\Admin:Interactive:[1]
      1⤵
        PID:676
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.37 --newautoupdaterlogic
          2⤵
          • Executes dropped EXE
          PID:2648
          • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
            "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
            3⤵
            • Executes dropped EXE
            PID:2676
          • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
            3⤵
            • Executes dropped EXE
            PID:2332
            • C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
              C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x14030cbd8,0x14030cbe8,0x14030cbf8
              4⤵
              • Executes dropped EXE
              PID:1728
            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
              4⤵
              • Executes dropped EXE
              PID:2684

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        471B

        MD5

        0054a1fbd684189c09c29b9433c9852f

        SHA1

        200fd59a338bc57eff3ad7a28708c188f69cb6a3

        SHA256

        6928afafe1e2503dc9213143819b89037e2789fc71ab2a3c3ea719e2e6dfa4fb

        SHA512

        1da7f55415e0973acce3c43eb44e8374fe12d959e3b7a9b546866755ef823811880c34c728498fd1f1959de24e5ba6b245d60f37c685d314870eb53b0694829e

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
        Filesize

        344B

        MD5

        b4414ecad9f0a6c7b8af68e814610453

        SHA1

        2ef457173df2afe2e1311f0d0f6d57c5b319888d

        SHA256

        5e1d4eb4b41f5810df7ad1265d9e081da7da69e4b9ef5cd5054da5411e401a36

        SHA512

        0de670fea52e838a04bb1139df377fc2c070b0d1cb4aea255ff88bd13b63744851df45d6973f81a4bb3a4a49d0dc9d55ffd0ba3d2cab37f8adecf1201fd20923

        Download Submit

      • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
        Filesize

        434B

        MD5

        b247de3ab91697effe96c55f5f545f22

        SHA1

        b04aa1eb722dc191f44b7c97fdf033838cd7599c

        SHA256

        df1367a5cf868413351f8faa193d61b0332a88a7342b4db06eaf28a335162f2d

        SHA512

        5c3daac6575564ce29dd68f1e14a8fa3be7249f9599dad31f6d000119b7d9d943f7b9d1575e499f88260d8f4b8ab97a5f69a57e4475120f180eebc895fc8ff56

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        Filesize

        602B

        MD5

        74791b1340beefa4b3ed3a4fc4442ff3

        SHA1

        5b07e38767950d31732f2e0fbed01723008dc137

        SHA256

        d1a1d15ffe7df7546def3525a612c17758222166c1cde3b7dce3df422a5c4178

        SHA512

        70fe75b8e0e7127a249248ebf221c6b575328d211e2a86b92a94ddd5159dddbf733c627d2da37f5ef0714ec924e548746eb1827f15995e5f5ed3a43ff750fdf5

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        fce4bf28fcb8c56186c24da5cae4bb88

        SHA1

        b3c951dbbb9babf4f838d71d3e52a02c7fcfa92a

        SHA256

        62d3c268df732dcf0a84ca6d9ab2723e5a59b697c6624ed37de5fccf83554b54

        SHA512

        abae5cdc3a62d9309334ab5bee5ce00e930590197a0b3afb3913138c759857b0f27d6313af9df05724151b54b0a4e07abd338f33f043b7bc3116b747972d3dda

        Download Submit

      • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
        Filesize

        40B

        MD5

        fce4bf28fcb8c56186c24da5cae4bb88

        SHA1

        b3c951dbbb9babf4f838d71d3e52a02c7fcfa92a

        SHA256

        62d3c268df732dcf0a84ca6d9ab2723e5a59b697c6624ed37de5fccf83554b54

        SHA512

        abae5cdc3a62d9309334ab5bee5ce00e930590197a0b3afb3913138c759857b0f27d6313af9df05724151b54b0a4e07abd338f33f043b7bc3116b747972d3dda

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\_sfx.exe
        Filesize

        1.7MB

        MD5

        0238df215bf6943892daf85de8ad433a

        SHA1

        3d905e4e2c0e9170df61b7a199321847691f945e

        SHA256

        a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

        SHA512

        fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\assistant\assistant_installer.exe
        Filesize

        2.1MB

        MD5

        9df6e2fbb7e38964f35016bf91ef7424

        SHA1

        d0c1266dc46814bc6165cf6a69e90581228989a7

        SHA256

        3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

        SHA512

        b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\opera_package
        Filesize

        86.8MB

        MD5

        d952728a4ce9fa6fd1df1e71f2cdad79

        SHA1

        62a0cdac813c83cea2f5a406a6940982f33d839a

        SHA256

        f115d42f06f27045cf1cf04bbfa4591789547ddb3614be6c912fa75bd4eb4cb6

        SHA512

        8720da841a9d31832b943fb56271e3efcb05520d0d5506a5ce823d8d5e909ebafd796d3d2b8afd82e2479329b84ee1813de5380598a7271ca9d5b64a2d3b4534

        Download Submit

      • \Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140114071\opera_package
        Filesize

        86.8MB

        MD5

        d952728a4ce9fa6fd1df1e71f2cdad79

        SHA1

        62a0cdac813c83cea2f5a406a6940982f33d839a

        SHA256

        f115d42f06f27045cf1cf04bbfa4591789547ddb3614be6c912fa75bd4eb4cb6

        SHA512

        8720da841a9d31832b943fb56271e3efcb05520d0d5506a5ce823d8d5e909ebafd796d3d2b8afd82e2479329b84ee1813de5380598a7271ca9d5b64a2d3b4534

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302140114042981552.dll
        Filesize

        4.6MB

        MD5

        5ff9275c5cee292fff9034f03bd847e1

        SHA1

        37bf88e062278882492823c7039b7cf374756ae0

        SHA256

        2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

        SHA512

        f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302140114046411572.dll
        Filesize

        4.6MB

        MD5

        5ff9275c5cee292fff9034f03bd847e1

        SHA1

        37bf88e062278882492823c7039b7cf374756ae0

        SHA256

        2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

        SHA512

        f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302140114070281196.dll
        Filesize

        4.6MB

        MD5

        5ff9275c5cee292fff9034f03bd847e1

        SHA1

        37bf88e062278882492823c7039b7cf374756ae0

        SHA256

        2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

        SHA512

        f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302140114073401836.dll
        Filesize

        4.6MB

        MD5

        5ff9275c5cee292fff9034f03bd847e1

        SHA1

        37bf88e062278882492823c7039b7cf374756ae0

        SHA256

        2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

        SHA512

        f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

        Download Submit

      • \Users\Admin\AppData\Local\Temp\Opera_installer_2302140114080731668.dll
        Filesize

        4.6MB

        MD5

        5ff9275c5cee292fff9034f03bd847e1

        SHA1

        37bf88e062278882492823c7039b7cf374756ae0

        SHA256

        2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

        SHA512

        f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        Filesize

        1.8MB

        MD5

        aa4de04ccc16b74a4c2301da8d621ec1

        SHA1

        d05c6d8200f6e6b1283df82d24d687adc47d9664

        SHA256

        e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

        SHA512

        28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
        Filesize

        1.7MB

        MD5

        1bbf5dd0b6ca80e4c7c77495c3f33083

        SHA1

        e0520037e60eb641ec04d1e814394c9da0a6a862

        SHA256

        bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

        SHA512

        97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
        Filesize

        97KB

        MD5

        da1d0cd400e0b6ad6415fd4d90f69666

        SHA1

        de9083d2902906cacf57259cf581b1466400b799

        SHA256

        7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

        SHA512

        f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
        Filesize

        1.3MB

        MD5

        ec4efe0ebb80b619737bd26180cc76cc

        SHA1

        7fd72c0eb6bee289e4b2714cf1fb8c197754811b

        SHA256

        b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

        SHA512

        384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
        Filesize

        1.3MB

        MD5

        e801c5847f5f9d207db53aaaf5c6f3a2

        SHA1

        8e6818ce66555e2cca92e5c5f32551fb4a91645e

        SHA256

        196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

        SHA512

        303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

        Download Submit

      • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
        Filesize

        326KB

        MD5

        80d93d38badecdd2b134fe4699721223

        SHA1

        e829e58091bae93bc64e0c6f9f0bac999cfda23d

        SHA256

        c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

        SHA512

        9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • \Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        Filesize

        2.7MB

        MD5

        3c5ee1ce4262b6169bda86496ad6dab5

        SHA1

        feb7480174eea44a54c71969011317cba7aa4c7e

        SHA256

        9d3ca09b7d7edd98622ca35e6473897ced8060bbb94bf84c0f63b49a32fb75c0

        SHA512

        fd8d6325fa9148b8b628bd688463b6757ce6537e3fca39d8088313cdc766d350a13cefd8e488ba982b5dbce30dab8cd9b7a30ba276f0cf71a33fb381537fe305

        Download Submit

      • memory/1196-131-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1460-171-0x000007FEFC2F1000-0x000007FEFC2F3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/1552-126-0x0000000002810000-0x0000000002D57000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1552-205-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1552-122-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1552-147-0x00000000033C0000-0x0000000003907000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1552-151-0x00000000038C0000-0x0000000003E07000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1552-150-0x0000000002810000-0x0000000002D57000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1572-209-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1572-129-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1648-116-0x0000000002CD0000-0x0000000002CE0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1648-118-0x00000000054B0000-0x00000000059F7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1648-120-0x00000000054B0000-0x00000000059F7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1648-119-0x00000000054B0000-0x00000000059F7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1648-121-0x00000000008B0000-0x0000000000C98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1648-117-0x00000000054B0000-0x00000000059F7000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1648-101-0x00000000008B0000-0x0000000000C98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1668-195-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1668-149-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1680-95-0x0000000002D90000-0x0000000002DA0000-memory.dmp

        Filesize

        64KB

        Download

      • memory/1680-72-0x0000000000210000-0x000000000023C000-memory.dmp

        Filesize

        176KB

        Download

      • memory/1680-71-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1680-68-0x0000000000A90000-0x0000000000E78000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1680-473-0x0000000010000000-0x0000000010051000-memory.dmp

        Filesize

        324KB

        Download

      • memory/1680-74-0x0000000000A90000-0x0000000000E78000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/1680-75-0x0000000000210000-0x000000000023C000-memory.dmp

        Filesize

        176KB

        Download

      • memory/1836-145-0x0000000002810000-0x0000000002D57000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1836-152-0x0000000002810000-0x0000000002D57000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1836-144-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1836-190-0x0000000000400000-0x0000000000947000-memory.dmp

        Filesize

        5.3MB

        Download

      • memory/1952-204-0x0000000002370000-0x0000000002380000-memory.dmp

        Filesize

        64KB

        Download

      • memory/2004-100-0x0000000002CA0000-0x0000000003088000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2004-99-0x0000000002CA0000-0x0000000003088000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2016-54-0x00000000766D1000-0x00000000766D3000-memory.dmp

        Filesize

        8KB

        Download

      • memory/2016-65-0x0000000002AB0000-0x0000000002E98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2016-64-0x0000000002AB0000-0x0000000002E98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2016-73-0x0000000002AB0000-0x0000000002E98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2016-66-0x0000000002AB0000-0x0000000002E98000-memory.dmp

        Filesize

        3.9MB

        Download

      • memory/2344-471-0x00000000021A0000-0x00000000021AA000-memory.dmp

        Filesize

        40KB

        Download

      • memory/2344-472-0x00000000021A0000-0x00000000021AA000-memory.dmp

        Filesize

        40KB

        Download