318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96

Analysis

max time kernel
112s
max time network
142s
platform
windows10-2004_x64
resource
win10v2004-20220812-es
resource tags

arch:x64arch:x86image:win10v2004-20220812-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
15/02/2023, 20:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6-global.exe
Size

23.6MB
MD5

7a4472a78d0651e11d20aa08e43cc045
SHA1

aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256

318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512

c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
SSDEEP

393216:gXQLpnUN/n8IPfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyVS:ggLFUp8aHExiTI3qqHp6zvKcfyVS

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 16 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	TLauncher-2.871-Installer-1.0.6-global.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Control Panel\International\Geo\Nation	opera.exe

Executes dropped EXE 43 IoCs

pid	Process
4648	irsetup.exe
432	AdditionalExecuteTL.exe
3652	irsetup.exe
532	opera-installer-bro.exe
2860	opera-installer-bro.exe
1032	opera-installer-bro.exe
2896	opera-installer-bro.exe
4800	opera-installer-bro.exe
3752	_sfx.exe
4924	assistant_installer.exe
1344	assistant_installer.exe
2700	installer.exe
2544	installer.exe
4308	launcher.exe
2992	opera.exe
2280	opera_crashreporter.exe
2548	opera.exe
4024	opera.exe
4900	opera.exe
512	opera_crashreporter.exe
4500	opera.exe
912	opera.exe
3496	opera.exe
2888	opera.exe
3780	opera.exe
4784	opera.exe
3416	opera.exe
1124	opera.exe
5112	opera.exe
3680	opera.exe
5008	opera.exe
1536	opera.exe
2900	opera.exe
2044	opera.exe
5244	opera.exe
5268	opera.exe
5344	opera.exe
5392	opera_autoupdate.exe
5464	opera.exe
5504	opera_autoupdate.exe
5532	opera.exe
5580	opera.exe
5700	opera.exe

Loads dropped DLL 64 IoCs

pid	Process
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
3652	irsetup.exe
532	opera-installer-bro.exe
2860	opera-installer-bro.exe
1032	opera-installer-bro.exe
2896	opera-installer-bro.exe
4800	opera-installer-bro.exe
2700	installer.exe
2544	installer.exe
2992	opera.exe
2992	opera.exe
2548	opera.exe
2548	opera.exe
4024	opera.exe
2548	opera.exe
2548	opera.exe
2548	opera.exe
2548	opera.exe
2548	opera.exe
4900	opera.exe
4900	opera.exe
4024	opera.exe
4500	opera.exe
4500	opera.exe
912	opera.exe
4500	opera.exe
4500	opera.exe
4500	opera.exe
4500	opera.exe
4500	opera.exe
912	opera.exe
3496	opera.exe
3496	opera.exe
2888	opera.exe
2888	opera.exe
3780	opera.exe
3780	opera.exe
4784	opera.exe
4784	opera.exe
3416	opera.exe
3416	opera.exe
1124	opera.exe
1124	opera.exe
5112	opera.exe
5112	opera.exe
3680	opera.exe
3680	opera.exe
5008	opera.exe
5008	opera.exe
1536	opera.exe
1536	opera.exe
2900	opera.exe
2900	opera.exe
2044	opera.exe
2044	opera.exe
5244	opera.exe
5244	opera.exe
5268	opera.exe
5268	opera.exe
5344	opera.exe
5344	opera.exe
5464	opera.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.46\\notification_helper.exe\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.46\\notification_helper.exe"	installer.exe

UPX packed file 25 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0008000000022e48-133.dat	upx
behavioral1/files/0x0008000000022e48-134.dat	upx
behavioral1/memory/4648-137-0x0000000000040000-0x0000000000428000-memory.dmp	upx
behavioral1/memory/4648-142-0x0000000000040000-0x0000000000428000-memory.dmp	upx
behavioral1/files/0x0008000000022f62-147.dat	upx
behavioral1/files/0x0008000000022f62-148.dat	upx
behavioral1/memory/3652-152-0x0000000000840000-0x0000000000C28000-memory.dmp	upx
behavioral1/files/0x0007000000022f64-155.dat	upx
behavioral1/files/0x0007000000022f64-154.dat	upx
behavioral1/files/0x0007000000022f64-158.dat	upx
behavioral1/memory/532-159-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/2860-161-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/files/0x0006000000022f79-164.dat	upx
behavioral1/memory/3652-165-0x0000000000840000-0x0000000000C28000-memory.dmp	upx
behavioral1/files/0x0006000000022f79-163.dat	upx
behavioral1/memory/1032-166-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/1032-168-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/files/0x0007000000022f64-170.dat	upx
behavioral1/files/0x0007000000022f64-175.dat	upx
behavioral1/memory/2896-176-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/4800-179-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/532-226-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/2896-229-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/2860-228-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral1/memory/4800-230-0x0000000000400000-0x0000000000947000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\Software\Microsoft\Windows\CurrentVersion\Run	opera.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opera Stable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\launcher.exe"	opera.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	installer.exe

Drops file in Program Files directory 4 IoCs

description	ioc	Process
File created	C:\Program Files\scoped_dir4900_914213273\reborn5.png	opera.exe
File created	C:\Program Files\scoped_dir4900_82977905\persona.ini	opera.exe
File created	C:\Program Files\scoped_dir4900_82977905\reborn5_dark.jpg	opera.exe
File created	C:\Program Files\scoped_dir4900_914213273\persona.ini	opera.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4416	1352	WerFault.exe	63

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe

Modifies registry class 43 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.htm\OpenWithProgids\OperaStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.shtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications\opera.exe\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.46\\notification_helper.exe\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\URL Protocol	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.pdf\OpenWithProgids\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\DefaultIcon	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.opdownload	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.opdownload\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xht	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.opdownload\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.html\OpenWithProgids\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.shtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xht\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xhtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec\Topic	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.shtml\OpenWithProgIDs	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec\Topic\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications\opera.exe\shell\open	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\FriendlyTypeName = "Opera Web Document"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications\opera.exe	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.46\\notification_helper.exe"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xhtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\shell\open	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xht\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\.xhtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\Applications\opera.exe\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2295526160-1155304984-640977766-1000_Classes\OperaStable\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe,0"	installer.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
4900	opera.exe
4900	opera.exe
4900	opera.exe

Suspicious use of AdjustPrivilegeToken 10 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2992	opera.exe
Token: SeCreatePagefilePrivilege	2992	opera.exe
Token: SeShutdownPrivilege	4900	opera.exe
Token: SeCreatePagefilePrivilege	4900	opera.exe
Token: SeShutdownPrivilege	4900	opera.exe
Token: SeCreatePagefilePrivilege	4900	opera.exe
Token: SeShutdownPrivilege	4900	opera.exe
Token: SeCreatePagefilePrivilege	4900	opera.exe
Token: SeShutdownPrivilege	4900	opera.exe
Token: SeCreatePagefilePrivilege	4900	opera.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2700	installer.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
4648	irsetup.exe
432	AdditionalExecuteTL.exe
3652	irsetup.exe
3652	irsetup.exe
3652	irsetup.exe
532	opera-installer-bro.exe
2860	opera-installer-bro.exe
1032	opera-installer-bro.exe
2896	opera-installer-bro.exe
4800	opera-installer-bro.exe
3752	_sfx.exe
4924	assistant_installer.exe
1344	assistant_installer.exe
2700	installer.exe
2544	installer.exe
2700	installer.exe
2700	installer.exe
5112	DllHost.exe
5112	DllHost.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
5112	DllHost.exe
5112	DllHost.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe
2700	installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3444 wrote to memory of 4648	3444	TLauncher-2.871-Installer-1.0.6-global.exe	80
PID 3444 wrote to memory of 4648	3444	TLauncher-2.871-Installer-1.0.6-global.exe	80
PID 3444 wrote to memory of 4648	3444	TLauncher-2.871-Installer-1.0.6-global.exe	80
PID 4648 wrote to memory of 432	4648	irsetup.exe	89
PID 4648 wrote to memory of 432	4648	irsetup.exe	89
PID 4648 wrote to memory of 432	4648	irsetup.exe	89
PID 432 wrote to memory of 3652	432	AdditionalExecuteTL.exe	90
PID 432 wrote to memory of 3652	432	AdditionalExecuteTL.exe	90
PID 432 wrote to memory of 3652	432	AdditionalExecuteTL.exe	90
PID 3652 wrote to memory of 532	3652	irsetup.exe	91
PID 3652 wrote to memory of 532	3652	irsetup.exe	91
PID 3652 wrote to memory of 532	3652	irsetup.exe	91
PID 532 wrote to memory of 2860	532	opera-installer-bro.exe	92
PID 532 wrote to memory of 2860	532	opera-installer-bro.exe	92
PID 532 wrote to memory of 2860	532	opera-installer-bro.exe	92
PID 532 wrote to memory of 1032	532	opera-installer-bro.exe	93
PID 532 wrote to memory of 1032	532	opera-installer-bro.exe	93
PID 532 wrote to memory of 1032	532	opera-installer-bro.exe	93
PID 532 wrote to memory of 2896	532	opera-installer-bro.exe	94
PID 532 wrote to memory of 2896	532	opera-installer-bro.exe	94
PID 532 wrote to memory of 2896	532	opera-installer-bro.exe	94
PID 2896 wrote to memory of 4800	2896	opera-installer-bro.exe	95
PID 2896 wrote to memory of 4800	2896	opera-installer-bro.exe	95
PID 2896 wrote to memory of 4800	2896	opera-installer-bro.exe	95
PID 532 wrote to memory of 3752	532	opera-installer-bro.exe	100
PID 532 wrote to memory of 3752	532	opera-installer-bro.exe	100
PID 532 wrote to memory of 3752	532	opera-installer-bro.exe	100
PID 532 wrote to memory of 4924	532	opera-installer-bro.exe	101
PID 532 wrote to memory of 4924	532	opera-installer-bro.exe	101
PID 532 wrote to memory of 4924	532	opera-installer-bro.exe	101
PID 4924 wrote to memory of 1344	4924	assistant_installer.exe	102
PID 4924 wrote to memory of 1344	4924	assistant_installer.exe	102
PID 4924 wrote to memory of 1344	4924	assistant_installer.exe	102
PID 2896 wrote to memory of 2700	2896	opera-installer-bro.exe	106
PID 2896 wrote to memory of 2700	2896	opera-installer-bro.exe	106
PID 2700 wrote to memory of 2544	2700	installer.exe	107
PID 2700 wrote to memory of 2544	2700	installer.exe	107
PID 2700 wrote to memory of 4308	2700	installer.exe	110
PID 2700 wrote to memory of 4308	2700	installer.exe	110
PID 4308 wrote to memory of 2992	4308	launcher.exe	111
PID 4308 wrote to memory of 2992	4308	launcher.exe	111
PID 2992 wrote to memory of 2280	2992	opera.exe	112
PID 2992 wrote to memory of 2280	2992	opera.exe	112
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113
PID 2992 wrote to memory of 2548	2992	opera.exe	113

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3444
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-2295526160-1155304984-640977766-1000"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4648
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:432
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2295526160-1155304984-640977766-1000"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:3652
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies system certificate store
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:532
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6ec2e428,0x6ec2e438,0x6ec2e444
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2860
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:1032
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=532 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230215212411" --session-guid=3a87239b-e170-408a-b48d-cd2fa63e0a76 --server-tracking-blob=M2JlZDdjNGI3Y2UyNTlkMDk3YmQ4NWE2MWY2MGE1YmFkYTc3NDFjZTdlNGFlY2MxZDgyNmNjOWE2YmE0NTEzMzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzY0OTI2NTEuNDM5MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZWNkMDg5NGItMDc2MS00NWE3LTk0NTAtMDEwNTUzZTUyMGFkIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=BC05000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2896
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e10e428,0x6e10e438,0x6e10e444
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4800
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe" --backend --initial-pid=532 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=es --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111" --session-guid=3a87239b-e170-408a-b48d-cd2fa63e0a76 --server-tracking-blob=M2JlZDdjNGI3Y2UyNTlkMDk3YmQ4NWE2MWY2MGE1YmFkYTc3NDFjZTdlNGFlY2MxZDgyNmNjOWE2YmE0NTEzMzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzY0OTI2NTEuNDM5MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiZWNkMDg5NGItMDc2MS00NWE3LTk0NTAtMDEwNTUzZTUyMGFkIn0= --silent --desktopshortcut=1 --install-subfolder=95.0.4635.46
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Enumerates connected drives
        Modifies registry class
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:2700
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x7fffb117a908,0x7fffb117a918,0x7fffb117a928
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:2544
        
        C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4308
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of WriteProcessMemory
        
        PID:2992
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_crashreporter.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7fffa7e93a18,0x7fffa7e93a28,0x7fffa7e93a38
        10⤵
        Executes dropped EXE
        
        PID:2280
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1712 --field-trial-handle=1948,i,16953795950808498431,13837360199619337788,131072 /prefetch:2
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2548
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2100 --field-trial-handle=1948,i,16953795950808498431,13837360199619337788,131072 /prefetch:8
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:4024
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\_sfx.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:3752
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4924
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0xfa2dc0,0xfa2dd0,0xfa2ddc
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:1344

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 440 -p 1352 -ip 1352
1⤵
PID:4828

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 1352 -s 2472
1⤵
- Program crash
PID:4416

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- Suspicious use of SetWindowsHookEx
PID:5112

C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4900
- C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_crashreporter.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7fffa7e93a18,0x7fffa7e93a28,0x7fffa7e93a38
  2⤵
  - Executes dropped EXE
  PID:512
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4500
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=es --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1944 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:912
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2176 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3496
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3040 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2888
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3052 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3780
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3064 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4784
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3080 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3416
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=es --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3092 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1124
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --first-renderer-process --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3312 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5112
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=3320 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3680
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3796 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5008
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=3804 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1536
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3860 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2900
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3868 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2044
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4084 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5244
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=4480 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5268
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=es --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=4672 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5344
- C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
  2⤵
  - Executes dropped EXE
  PID:5392
- - C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_autoupdate.exe
    C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.46 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff64156cbd8,0x7ff64156cbe8,0x7ff64156cbf8
    3⤵
    - Executes dropped EXE
    PID:5504
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=es --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=5288 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5532
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5468 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5580
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5456 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5700
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:campaign-ignore-dna=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=es --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=5216 --field-trial-handle=2052,i,13701671229290503681,1979700432359009426,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5464

C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.46 --newautoupdaterlogic
1⤵
PID:5420

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
65912e3400053998615bfe8ad61d2dc8

SHA1
f353f5c60bb3720b570c17cd29ca7ac6e4b1aa8e

SHA256
6d1737720f4bd748c0c9a16231706e874c512bac06d06b24ef04f1177e10bb65

SHA512
887fb1ce7d43751e0a7aa7be1d27a969a26af008d7a236c62b965650cbba20e51f5a048f261a8bd7c11ffe3732cc374401ce3048d81f2b5835769f70555fd33a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
404B

MD5
4fd787518551fc5f0dba919bde6d13e9

SHA1
7c267eeaa6f1059c48a6f89d4e000022fdc07681

SHA256
e005e4ccc84eb4ea12c3bbf09abbb0e23aa7fa6bb3df36c1eca5bfe4791056d2

SHA512
679b4ee9013fa60321622b73fdb19674f4917cd63d12d12eb1af771daa04fcb51516f22755a7000054fff88362f7363a806dc7b646a718656f186e4c6cb4d812

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe

Filesize
6.2MB

MD5
219dcc5c80195b3b8cc9f91d2e521b27

SHA1
df2aa016cae91532fc441d8039196aaaa38a73c7

SHA256
ab6705c3c82fd8808b87e0e8a81a4024fe16f2bc29fbca816fda631f9114c15b

SHA512
610b814f37b81bf32a6d20531680242478381f0d74cdb00e0776ef68fe9bfe49e9750af5e3dd52aabc5a727180e220af83e0f547b34bb4f1b09bc376a53b479a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\installer.exe

Filesize
6.2MB

MD5
219dcc5c80195b3b8cc9f91d2e521b27

SHA1
df2aa016cae91532fc441d8039196aaaa38a73c7

SHA256
ab6705c3c82fd8808b87e0e8a81a4024fe16f2bc29fbca816fda631f9114c15b

SHA512
610b814f37b81bf32a6d20531680242478381f0d74cdb00e0776ef68fe9bfe49e9750af5e3dd52aabc5a727180e220af83e0f547b34bb4f1b09bc376a53b479a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_browser.dll

Filesize
187.3MB

MD5
dc27bbc2b8bd97e7dd5d2a9d75118372

SHA1
945f4cd1a6ba4d5ce3a39eddee61221cd35a946b

SHA256
0794daf54d45cbc3069c33c7c3b836d801f87454f047ca3164c23de0a13ed5e4

SHA512
764358077706cbb08c8703c8abd8a5da188225938431123b96b636b923739f4ada97bb5b555c5720359f3afbf5e5ed98e26ae588a866c158cc378ce8578290cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_browser.dll

Filesize
187.3MB

MD5
dc27bbc2b8bd97e7dd5d2a9d75118372

SHA1
945f4cd1a6ba4d5ce3a39eddee61221cd35a946b

SHA256
0794daf54d45cbc3069c33c7c3b836d801f87454f047ca3164c23de0a13ed5e4

SHA512
764358077706cbb08c8703c8abd8a5da188225938431123b96b636b923739f4ada97bb5b555c5720359f3afbf5e5ed98e26ae588a866c158cc378ce8578290cc

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_crashreporter.exe

Filesize
2.3MB

MD5
00fab37d7cf4a5869bd8b906b658bdc0

SHA1
47570c5242d6930a90d5e901ba389460e3568585

SHA256
e71c64ac1868f18df819eb24035116410024affc68a3ba08009aac5489f7573f

SHA512
b04a9fddd59225ebb305e53223b660778518af5b5b8b9144b33a1a59dd72ac5d6fa6d41c3a18b0f0e70925560fffc320f4eb4b56017018e8aa5224ce7a28bcd9

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_elf.dll

Filesize
1.1MB

MD5
f85fc162744e7437e217f358dc85f306

SHA1
24e53443197aed6ea9de60a913ebadc6c734d4cb

SHA256
e42010086d02151167d901ada7f56309aa225910a314549be16c795a6bc52511

SHA512
8dc963ce3a9ad342d0af471de726943855b62c68e9867eb7e7911fafc034205755efa9de8533f2609b02ca5dd9da4f257f6ddf66dd10fac766bd81883384215b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.46\opera_elf.dll

Filesize
1.1MB

MD5
f85fc162744e7437e217f358dc85f306

SHA1
24e53443197aed6ea9de60a913ebadc6c734d4cb

SHA256
e42010086d02151167d901ada7f56309aa225910a314549be16c795a6bc52511

SHA512
8dc963ce3a9ad342d0af471de726943855b62c68e9867eb7e7911fafc034205755efa9de8533f2609b02ca5dd9da4f257f6ddf66dd10fac766bd81883384215b

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\installation_status.json

Filesize
11KB

MD5
298e9ba15f585f610d4f88eaf32584e3

SHA1
8b15b8ef37c1399c6ea5312de022951e5a6a7a1f

SHA256
7366fb573bc8e7ad6943d8d33576483dc5233eed61573bcf49bf2e458d1255f6

SHA512
dc8b65c376ae1ccb05f51bc9f35d4951807c005f9262c4da01ddbd4a114fbd8c9940edd2ccb67c6ba75f8dedfdcb3bfa7ca17bf0d595f6650212e10d2ac2727f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\installer_prefs.json

Filesize
1KB

MD5
7c1d81a86cb61c2fd0a2e360485e4217

SHA1
f49b2b8b8e1aa036634d3a0b887dc4ed4bbad3a4

SHA256
ec563e13c9ec49998239182f62166adf6997426f7160c7230ad1b995b9dda3ca

SHA512
8d546409b439cd43695e3ac02f696b40c84a3e4de1d29b03b11d24194e0234f59a3b7be16d76b2f0386ad82e2fc748dd4cbd72d23197ed964e32a121b2535002

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe

Filesize
2.5MB

MD5
5cb367763221dbd12ccebb135df39901

SHA1
64ff8e84ce7d61abd83d7258de9014765e1c9a09

SHA256
2041f38a5e4293dcc077a9b47f0057d7cfb68db5acd4f0788e00df058ba4cca2

SHA512
de0513ede0bd856c24f18d9318b1de24814d7f974f288a594989f43525e79d4f63a1228bfe7908cc8f555856436c1bd0f469325aae39ce25f3b52de01585b78f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe

Filesize
2.5MB

MD5
5cb367763221dbd12ccebb135df39901

SHA1
64ff8e84ce7d61abd83d7258de9014765e1c9a09

SHA256
2041f38a5e4293dcc077a9b47f0057d7cfb68db5acd4f0788e00df058ba4cca2

SHA512
de0513ede0bd856c24f18d9318b1de24814d7f974f288a594989f43525e79d4f63a1228bfe7908cc8f555856436c1bd0f469325aae39ce25f3b52de01585b78f

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
cc44df1381ba99db881d948eb8361092

SHA1
e6ca8892d3aba8ac676ab82f7edb77462bf020d1

SHA256
641b2639893d8695a660b1782eb209d9cb59a0cd242fc243b886203030665087

SHA512
0e605877405c3d5cfda8c7df6cca173cee4b24a4a060755a759ca8c2ad432ca327beb917240eebf6fb046307caf8b78271a90faf346edb252d9fa517f9dd673a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
cc44df1381ba99db881d948eb8361092

SHA1
e6ca8892d3aba8ac676ab82f7edb77462bf020d1

SHA256
641b2639893d8695a660b1782eb209d9cb59a0cd242fc243b886203030665087

SHA512
0e605877405c3d5cfda8c7df6cca173cee4b24a4a060755a759ca8c2ad432ca327beb917240eebf6fb046307caf8b78271a90faf346edb252d9fa517f9dd673a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
cc44df1381ba99db881d948eb8361092

SHA1
e6ca8892d3aba8ac676ab82f7edb77462bf020d1

SHA256
641b2639893d8695a660b1782eb209d9cb59a0cd242fc243b886203030665087

SHA512
0e605877405c3d5cfda8c7df6cca173cee4b24a4a060755a759ca8c2ad432ca327beb917240eebf6fb046307caf8b78271a90faf346edb252d9fa517f9dd673a

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\pref_default_overrides

Filesize
57B

MD5
f488c9f9d9d5e631484d4bf155f45442

SHA1
0f0e624770e47bea5186748a9de85c677dd84fa7

SHA256
e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

SHA512
d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\browser_assistant.exe

Filesize
3.7MB

MD5
eb566b6d6a9a917fb73f426beaf54780

SHA1
369c4de1dea598e62cf144780e7893ed925edb8b

SHA256
86a1d1f212cc55d1ac61bf636bd23518375f5a08df058b65392063e7b5bceebf

SHA512
43af29dc4cd5a37df9c07ec1df9eac1c64da7b5b183f6627d9a9d1f27c998a09954ecaacb02dc1ac0546c286b95111de9a031b849cebad543d818190eca6eb52

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\files_list

Filesize
61B

MD5
2f070a8ddb1e4a5bc2137dbb2967e9a8

SHA1
f9f38da409c2d4dfce3471cf6621b7b81b797bf5

SHA256
4c3722675f9e72c3ece2a029dc8637cd8219ceb40b623d6dc75647314036ad3c

SHA512
52fcb7870637f46d156d2f210e119a52b5b5226b9aede66acf51160fba45310d865dc4cce1bd8a82156c414175de49a5dcb527cf9f635f925d3c5603872cdd7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\assistant\mojo_core.dll

Filesize
1.3MB

MD5
9ae668c697be8300144c5a563853e753

SHA1
114e63a1eb41f73dc8feabe4c6bb7621a2d6ae1b

SHA256
a3db9e15675a5819a915599cad1d68b4e7013a71c35f2e943b8c9c682ca8705e

SHA512
919ea6ce9a60d38b387d3cbae47f3a0af37c2b106c3370a2a5fd096e67aa316acd8a636a36cb446191fd3e4bfe4fe58e0d4151f60ca16a1cdc586d755a45c97d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\installer_prefs_include.json

Filesize
1KB

MD5
cfc87122f600446d16f7e9e435893c4f

SHA1
cd5f1ddfddb68ed7e80c2ab22e55e49a992df291

SHA256
1d48e75c56a4f0ddf35e6f4d080f0ee41cd1c2452d8dba0e3edaaff85e016ad2

SHA512
9cb471a46c1bd62073bea94cd85db2bd44612c86cd078cadaf89a77830ad08de803700538b940ef95e2c555aebda0c48cfd0c864aba3a30290002752454a749e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\installer_prefs_include.json.backup

Filesize
1KB

MD5
cfc87122f600446d16f7e9e435893c4f

SHA1
cd5f1ddfddb68ed7e80c2ab22e55e49a992df291

SHA256
1d48e75c56a4f0ddf35e6f4d080f0ee41cd1c2452d8dba0e3edaaff85e016ad2

SHA512
9cb471a46c1bd62073bea94cd85db2bd44612c86cd078cadaf89a77830ad08de803700538b940ef95e2c555aebda0c48cfd0c864aba3a30290002752454a749e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\installer_prefs_include.json.backup

Filesize
1KB

MD5
cfc87122f600446d16f7e9e435893c4f

SHA1
cd5f1ddfddb68ed7e80c2ab22e55e49a992df291

SHA256
1d48e75c56a4f0ddf35e6f4d080f0ee41cd1c2452d8dba0e3edaaff85e016ad2

SHA512
9cb471a46c1bd62073bea94cd85db2bd44612c86cd078cadaf89a77830ad08de803700538b940ef95e2c555aebda0c48cfd0c864aba3a30290002752454a749e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\opera_package

Filesize
86.9MB

MD5
52059f9908aca2af15df265bfb73517f

SHA1
141ce7239b067ee7b266594ea6bb23e730f73621

SHA256
7b8ee89686128fb3e73542395e49eec5da3f730039de32ac2cfe58a4e7525b73

SHA512
191df166c778d6ddd9cbb4ba17d24945aeb6554183eff1084dfa07221114f3d420074176a329fb561fe75600ee874e115b7c32a4ca3f795096e907ca3f601266

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302152124111\pref_default_overrides

Filesize
57B

MD5
f488c9f9d9d5e631484d4bf155f45442

SHA1
0f0e624770e47bea5186748a9de85c677dd84fa7

SHA256
e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

SHA512
d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230215212408066532.dll

Filesize
4.6MB

MD5
5ecb01e7d94ce0a17c96b53fc1fcfa44

SHA1
a48e8c9e2b0d92e273830ee450427bd7a4da8d4e

SHA256
4a4199a22faa2995d8149f4433d1505e19afc8ad91d4f74fbc70f2f66d0afab4

SHA512
33167e72712d14422e37c72308ee97d08f307af1b3279ca1bc43b9a383b73fe6dbd0f0389a1870d6023692e1b3fe3d82a18bbccc13f6192f4abd155f1994b333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124087702860.dll

Filesize
4.6MB

MD5
5ecb01e7d94ce0a17c96b53fc1fcfa44

SHA1
a48e8c9e2b0d92e273830ee450427bd7a4da8d4e

SHA256
4a4199a22faa2995d8149f4433d1505e19afc8ad91d4f74fbc70f2f66d0afab4

SHA512
33167e72712d14422e37c72308ee97d08f307af1b3279ca1bc43b9a383b73fe6dbd0f0389a1870d6023692e1b3fe3d82a18bbccc13f6192f4abd155f1994b333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124108241032.dll

Filesize
4.6MB

MD5
5ecb01e7d94ce0a17c96b53fc1fcfa44

SHA1
a48e8c9e2b0d92e273830ee450427bd7a4da8d4e

SHA256
4a4199a22faa2995d8149f4433d1505e19afc8ad91d4f74fbc70f2f66d0afab4

SHA512
33167e72712d14422e37c72308ee97d08f307af1b3279ca1bc43b9a383b73fe6dbd0f0389a1870d6023692e1b3fe3d82a18bbccc13f6192f4abd155f1994b333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124116922896.dll

Filesize
4.6MB

MD5
5ecb01e7d94ce0a17c96b53fc1fcfa44

SHA1
a48e8c9e2b0d92e273830ee450427bd7a4da8d4e

SHA256
4a4199a22faa2995d8149f4433d1505e19afc8ad91d4f74fbc70f2f66d0afab4

SHA512
33167e72712d14422e37c72308ee97d08f307af1b3279ca1bc43b9a383b73fe6dbd0f0389a1870d6023692e1b3fe3d82a18bbccc13f6192f4abd155f1994b333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124119574800.dll

Filesize
4.6MB

MD5
5ecb01e7d94ce0a17c96b53fc1fcfa44

SHA1
a48e8c9e2b0d92e273830ee450427bd7a4da8d4e

SHA256
4a4199a22faa2995d8149f4433d1505e19afc8ad91d4f74fbc70f2f66d0afab4

SHA512
33167e72712d14422e37c72308ee97d08f307af1b3279ca1bc43b9a383b73fe6dbd0f0389a1870d6023692e1b3fe3d82a18bbccc13f6192f4abd155f1994b333

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124421372700.dll

Filesize
5.5MB

MD5
707e43617c074f2df620790fc5b2d835

SHA1
5471fa80cf91a702b57ad8d732f34a9a50164e83

SHA256
1a052d57333dac100be03f9f0a46c85afbfe0c2dd4df3b115e5d87eb124d31db

SHA512
3b47c3a39fedffe97f398d0aaaa262d8974bb725d151e648cd455ce26b4a0a1ff727239e2319e1ef3736005857542a83464556b805577de7a1aab96a16d3c6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302152124429492544.dll

Filesize
5.5MB

MD5
707e43617c074f2df620790fc5b2d835

SHA1
5471fa80cf91a702b57ad8d732f34a9a50164e83

SHA256
1a052d57333dac100be03f9f0a46c85afbfe0c2dd4df3b115e5d87eb124d31db

SHA512
3b47c3a39fedffe97f398d0aaaa262d8974bb725d151e648cd455ce26b4a0a1ff727239e2319e1ef3736005857542a83464556b805577de7a1aab96a16d3c6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
7e08af319c9eb3297e09ca7bb8387de4

SHA1
4cf091f77a3eb9437ef33985e64bd10c1257284f

SHA256
6c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8

SHA512
bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
391219a9851dfeef3ca5cefb53171148

SHA1
8006955f82f3dbbc6c0684de767657615f181081

SHA256
248ea10f3ac6869850544abfdfde79626fe856b0ababd70abdff22d19ddb4b76

SHA512
51105a60dd40761a6796ed56a3644410e7ab92e8c8a4f74018d3155134373b9607d3814e9be47fd82cbe10125fa7119f719d8ac7811174dadfbdf72782e8bd86

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
647B

MD5
54b4c8080c71bd9bebfffe18fc81bab0

SHA1
22be2532769a27cc823e4f2a2a47128bea0029be

SHA256
bd00e8f9e50d872480731273e5ea78471431b120445fa667c528c175855d5170

SHA512
01227349d3a5b798e5061c04569af5e9accc3d046cb98cfbd47f6426b2d7c139bc93a63a830738850bb40140c451693c3fc9b8cb8e0f226fc06b42bafc227295

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Navegador Opera.lnk

Filesize
1KB

MD5
94eb8998f5c6b965e646754f23d0b7ca

SHA1
9dc9e63b9c456450e3042d461bc2dd70ba3f8199

SHA256
11d466493ddf5eb7f2a418ea4300812b4058067bf9fb54ee2fa14991cda02d77

SHA512
edddc00ca9636958173d7610a9436590c8813c5e3d7e6f8d6edb294cd749855209cd970b502dbb3de2f4a6fdd91a15c05a5b64f5493e5baaa9a962236addbaec

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f917ee08ad8e15d622c5445fc13e64f3

SHA1
2e84bea1a175af43cb2540b660a101535e52edf8

SHA256
226c2b9227e1802b27dc11c6e5290115733a65b6fa38e16b4931fed4db370c10

SHA512
838c9e01d23f6626d8cf9c25cffa671395c533375673fe264ef8b13bae1c41fff1865214ca31b29bd4951a9b1b0b1b00e465240e0e8b9e670558636f8ad90848

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f917ee08ad8e15d622c5445fc13e64f3

SHA1
2e84bea1a175af43cb2540b660a101535e52edf8

SHA256
226c2b9227e1802b27dc11c6e5290115733a65b6fa38e16b4931fed4db370c10

SHA512
838c9e01d23f6626d8cf9c25cffa671395c533375673fe264ef8b13bae1c41fff1865214ca31b29bd4951a9b1b0b1b00e465240e0e8b9e670558636f8ad90848

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f917ee08ad8e15d622c5445fc13e64f3

SHA1
2e84bea1a175af43cb2540b660a101535e52edf8

SHA256
226c2b9227e1802b27dc11c6e5290115733a65b6fa38e16b4931fed4db370c10

SHA512
838c9e01d23f6626d8cf9c25cffa671395c533375673fe264ef8b13bae1c41fff1865214ca31b29bd4951a9b1b0b1b00e465240e0e8b9e670558636f8ad90848

Download Submit
memory/532-159-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/532-226-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/1032-168-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/1032-166-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/2860-161-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/2860-228-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/2896-229-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/2896-176-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/3652-165-0x0000000000840000-0x0000000000C28000-memory.dmp

Filesize
3.9MB

Download
memory/3652-152-0x0000000000840000-0x0000000000C28000-memory.dmp

Filesize
3.9MB

Download
memory/4648-140-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/4648-141-0x0000000006940000-0x0000000006943000-memory.dmp

Filesize
12KB

Download
memory/4648-142-0x0000000000040000-0x0000000000428000-memory.dmp

Filesize
3.9MB

Download
memory/4648-137-0x0000000000040000-0x0000000000428000-memory.dmp

Filesize
3.9MB

Download
memory/4800-179-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4800-230-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download