Overview

overview

10

Static

static

Catia-V-R-...2k.exe

windows7_x64

10

Catia-V-R-...2k.exe

windows10_x64

10

Analysis

  • max time kernel
    135s
  • max time network
    155s
  • platform
    windows10_x64
  • resource
    win10-en-20211208
  • submitted
    24-12-2021 02:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Catia-V-R-Crack-Bitr_aw2jo2k.exe

  • Size

    4.4MB

  • MD5

    31ac11da3ff0c5ea9a9952ab15e2b7b2

  • SHA1

    d6bae54386b12b28480af0a1702433b0b795f91f

  • SHA256

    28ad8571a737ed7bfa0c7bf42eff699b1a05f5e5451754f2b0c2651f2d34d360

  • SHA512

    1f6ed529199bbc7bca5fb1a2e63ebd384ec2dbd89c6d3708fcf8f08672a3ac603016b07dcd32e4814008cb19be9fcafac45555b68e9e1ba85cb9a3665e8d4e21

Score
10/10
cryptbotraccoonredline10df78e3bcb139ac6d74e33b3ecc811fe930199c181238e657906bc2aba377ff4e0573d5dd7d7c26aad6discoveryevasioninfostealerpersistencespywarestealerthemidatrojanupx

Malware Config

Extracted

Family

redline

Botnet

1812

C2

m360li.info:81

Extracted

Family

cryptbot

C2

dainfe42.top

morvtu04.top

Extracted

Family

raccoon

Botnet

10df78e3bcb139ac6d74e33b3ecc811fe930199c

Attributes
  • url4cnc

    http://194.180.174.53/h_electricryptors2

    http://91.219.236.18/h_electricryptors2

    http://194.180.174.41/h_electricryptors2

    http://91.219.236.148/h_electricryptors2

    https://t.me/h_electricryptors2

rc4.plain
rc4.plain

Extracted

Family

raccoon

Botnet

38e657906bc2aba377ff4e0573d5dd7d7c26aad6

Attributes
  • url4cnc

    http://194.180.174.53/jevachwa

    http://91.219.236.18/jevachwa

    http://194.180.174.41/jevachwa

    http://91.219.236.148/jevachwa

    https://t.me/jevachwa

rc4.plain
rc4.plain

Signatures

  • CryptBot

    A C++ stealer distributed widely in bundle with other software.

    spywarestealercryptbot
  • Raccoon

    Simple but powerful infostealer which was very active in 2019.

    stealerraccoon
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine Payload 3 IoCs
  • Registers COM server for autorun 1 TTPs
    persistence
  • ACProtect 1.3x - 1.4x DLL software 2 IoCs

    Detects file using ACProtect software.

  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs
    evasion
  • Blocklisted process makes network request 15 IoCs
  • Downloads MZ/PE file
  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 64 IoCs
  • UPX packed file 8 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks BIOS information in registry 2 TTPs 2 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 16 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Themida packer 6 IoCs

    Detects Themida, an advanced Windows software protection system.

    themida
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Enumerates connected drives 3 TTPs 51 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs
  • Drops file in System32 directory 17 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 4 IoCs
  • Suspicious use of SetThreadContext 2 IoCs
  • autoit_exe 2 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 31 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 56 IoCs
  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Kills process with taskkill 1 IoCs
    evasion
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 21 IoCs
    evasionspywaretrojan
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: MapViewOfSection 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of SetWindowsHookEx 6 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Catia-V-R-Crack-Bitr_aw2jo2k.exe
    "C:\Users\Admin\AppData\Local\Temp\Catia-V-R-Crack-Bitr_aw2jo2k.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:2940
    • C:\Users\Admin\AppData\Local\Temp\is-M44QD.tmp\is-AU61L.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-M44QD.tmp\is-AU61L.tmp" /SL4 $401D6 "C:\Users\Admin\AppData\Local\Temp\Catia-V-R-Crack-Bitr_aw2jo2k.exe" 4426979 52736
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Drops file in Program Files directory
      • Suspicious use of WriteProcessMemory
      PID:3880
      • C:\Program Files (x86)\Et\quo\Dolor.exe
        "C:\Program Files (x86)\Et/\quo\Dolor.exe" 23f151a942ce9ae176086b16882d65ad
        3⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Suspicious use of WriteProcessMemory
        PID:912
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 864
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:816
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 844
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1600
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 908
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3284
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1012
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:3588
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1048
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:756
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1000
          4⤵
          • Program crash
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of AdjustPrivilegeToken
          PID:1656
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1104
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:404
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1228
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1032
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1200
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:712
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1056
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2416
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1240
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1412
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1456
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1456
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1460
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2192
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1404
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1960
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1500
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2312
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1676
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2484
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1536
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:3936
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1544
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:64
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1512
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:3624
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1544
          4⤵
          • Program crash
          PID:1944
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1452
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2252
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1540
          4⤵
          • Program crash
          PID:376
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1516
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:488
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1796
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:3620
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1704
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1944
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1452
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2500
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1832
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:376
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1648
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1244
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1796
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:2264
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1916
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:3220
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1868
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:872
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1868
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1516
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 1996
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:4064
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2088
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1200
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2028
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:3008
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2144
          4⤵
          • Program crash
          • Suspicious use of AdjustPrivilegeToken
          PID:1996
        • C:\Users\Admin\AppData\Local\Temp\ck1tkfLh\sRRpGBI.exe
          C:\Users\Admin\AppData\Local\Temp\ck1tkfLh\sRRpGBI.exe /VERYSILENT
          4⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Suspicious use of WriteProcessMemory
          PID:2120
          • C:\Users\Admin\AppData\Local\Temp\Skype.exe
            C:\Users\Admin\AppData\Local\Temp\Skype.exe
            5⤵
            • Executes dropped EXE
            PID:4700
          • C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
            C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
            5⤵
            • Executes dropped EXE
            • Suspicious use of SetThreadContext
            PID:1684
            • C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
              C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
              6⤵
              • Executes dropped EXE
              PID:6104
            • C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
              C:\Users\Admin\AppData\Local\Temp\crashreporter.exe
              6⤵
              • Executes dropped EXE
              PID:6112
          • C:\Windows\SysWOW64\cmd.exe
            "C:\Windows\system32\cmd.exe" /k ping 0 & del C:\Users\Admin\AppData\Local\Temp\ck1tkfLh\sRRpGBI.exe & exit
            5⤵
              PID:4144
              • C:\Windows\SysWOW64\PING.EXE
                ping 0
                6⤵
                • Runs ping.exe
                PID:5316
          • C:\Windows\SysWOW64\WerFault.exe
            C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2152
            4⤵
            • Program crash
            • Suspicious use of AdjustPrivilegeToken
            PID:4136
          • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
            C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe --silent --allusers=0
            4⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of WriteProcessMemory
            PID:4128
            • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
              C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x7233a558,0x7233a568,0x7233a574
              5⤵
              • Executes dropped EXE
              • Loads dropped DLL
              PID:4220
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\402yoFu.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\402yoFu.exe" --version
              5⤵
                PID:4336
              • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                "C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --initial-pid=4128 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20211225040046" --session-guid=2d4322f9-3722-4623-b89f-3a68ce458bf2 --server-tracking-blob=ZjVjMGQ5NDk5NTFhNjg1YTcxYjUwMjAyOWZhM2M5MzllZTY3MzE3Nzk3YTlmZGNhMWIxZmU1NWJkZTc5MzE2Mjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJZeCAwMyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImZWRpdGlvbj1ZeCswMyZ1dG1fc291cmNlPW1rdCZ1dG1fY2FtcGFpZ249NzIxIiwidGltZXN0YW1wIjoiMTY0MDMxMjU5MC44ODQ5IiwidXRtIjp7ImNhbXBhaWduIjoiNzIxIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiI2NTVlZTNlZS0wZDNiLTQ1YjctOGYxMC1lNzU5MjRkMDBiYTgifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=B804000000000000
                5⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Suspicious use of WriteProcessMemory
                PID:4432
                • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                  C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x2cc,0x2d0,0x2d4,0x298,0x2d8,0x713fa558,0x713fa568,0x713fa574
                  6⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  PID:4492
                • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer.exe" --backend --initial-pid=4128 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461" --session-guid=2d4322f9-3722-4623-b89f-3a68ce458bf2 --server-tracking-blob=ZjVjMGQ5NDk5NTFhNjg1YTcxYjUwMjAyOWZhM2M5MzllZTY3MzE3Nzk3YTlmZGNhMWIxZmU1NWJkZTc5MzE2Mjp7ImNvdW50cnkiOiJVUyIsImVkaXRpb24iOiJZeCAwMyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImZWRpdGlvbj1ZeCswMyZ1dG1fc291cmNlPW1rdCZ1dG1fY2FtcGFpZ249NzIxIiwidGltZXN0YW1wIjoiMTY0MDMxMjU5MC44ODQ5IiwidXRtIjp7ImNhbXBhaWduIjoiNzIxIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoibWt0In0sInV1aWQiOiI2NTVlZTNlZS0wZDNiLTQ1YjctOGYxMC1lNzU5MjRkMDBiYTgifQ== --silent --desktopshortcut=1 --install-subfolder=82.0.4227.43
                  6⤵
                  • Executes dropped EXE
                  • Checks computer location settings
                  • Loads dropped DLL
                  • Enumerates connected drives
                  • Modifies registry class
                  PID:3948
                  • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer.exe
                    C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff80544cb48,0x7ff80544cb58,0x7ff80544cb68
                    7⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    PID:4748
                  • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer_helper_64.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\installer_helper_64.exe" 1 "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\Opera Browser.lnk"
                    7⤵
                    • Executes dropped EXE
                    • Checks computer location settings
                    • Modifies registry class
                    PID:2620
                  • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                    7⤵
                    • Executes dropped EXE
                    PID:5532
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                      8⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Enumerates system info in registry
                      PID:5616
                      • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_crashreporter.exe
                        C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7fffff8a34d0,0x7fffff8a34e0,0x7fffff8a34f0
                        9⤵
                        • Executes dropped EXE
                        PID:5688
                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --field-trial-handle=1512,17510021189994913200,12739953227319748046,131072 --start-stack-profiler --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1532 /prefetch:2
                        9⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:5856
                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1512,17510021189994913200,12739953227319748046,131072 --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=1688 /prefetch:8
                        9⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:5876
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\_sfx.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\_sfx.exe"
                5⤵
                  PID:5100
                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\assistant_installer.exe
                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\assistant_installer.exe" --version
                  5⤵
                  • Executes dropped EXE
                  PID:4372
                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\assistant_installer.exe
                    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=80.0.4170.40 --initial-client-data=0x254,0x258,0x25c,0x230,0x260,0x207c90,0x207ca0,0x207cac
                    6⤵
                    • Executes dropped EXE
                    • Suspicious use of AdjustPrivilegeToken
                    PID:3716
              • C:\Windows\SysWOW64\WerFault.exe
                C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2172
                4⤵
                • Program crash
                • Suspicious use of AdjustPrivilegeToken
                PID:4192
              • C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\zCJTQfOtIqGd93a.exe
                C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\zCJTQfOtIqGd93a.exe /quiet SILENT=1 AF=606x23f151a942ce9ae176086b16882d65ad
                4⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies system certificate store
                • Suspicious use of AdjustPrivilegeToken
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of WriteProcessMemory
                PID:4376
                • C:\Windows\SysWOW64\msiexec.exe
                  "C:\Windows\system32\msiexec.exe" /i "C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi" /quiet SILENT=1 AF=606x23f151a942ce9ae176086b16882d65ad AI_SETUPEXEPATH=C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\zCJTQfOtIqGd93a.exe SETUPEXEDIR=C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\ EXE_CMD_LINE="/exenoupdates /forcecleanup /wintime 1640145435 /quiet SILENT=1 AF=606x23f151a942ce9ae176086b16882d65ad " AF="606x23f151a942ce9ae176086b16882d65ad" AI_CONTROL_VISUAL_STYLE="16578540;16578540;14988840;12422912"
                  5⤵
                    PID:676
                • C:\Windows\SysWOW64\WerFault.exe
                  C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2268
                  4⤵
                  • Program crash
                  • Suspicious use of AdjustPrivilegeToken
                  PID:4360
                • C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe
                  C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe /usthree SUB=23f151a942ce9ae176086b16882d65ad
                  4⤵
                  • Executes dropped EXE
                  • Suspicious use of SetThreadContext
                  • Suspicious use of WriteProcessMemory
                  PID:4508
                  • C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe
                    C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe /usthree SUB=23f151a942ce9ae176086b16882d65ad
                    5⤵
                    • Executes dropped EXE
                    • Suspicious use of WriteProcessMemory
                    PID:4548
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\10771932521.exe"
                      6⤵
                      • Suspicious use of WriteProcessMemory
                      PID:5016
                      • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\10771932521.exe
                        "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\10771932521.exe"
                        7⤵
                        • Executes dropped EXE
                        • Loads dropped DLL
                        PID:4336
                    • C:\Windows\SysWOW64\cmd.exe
                      "C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\31827503997.exe" /us
                      6⤵
                        PID:4708
                        • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\31827503997.exe
                          "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\31827503997.exe" /us
                          7⤵
                          • Executes dropped EXE
                          • Checks BIOS information in registry
                          • Checks whether UAC is enabled
                          • Suspicious use of NtSetInformationThreadHideFromDebugger
                          • Checks processor information in registry
                          PID:4928
                      • C:\Windows\SysWOW64\cmd.exe
                        "C:\Windows\System32\cmd.exe" /c start /I "" "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\93846995057.exe" /us
                        6⤵
                          PID:1304
                          • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\93846995057.exe
                            "C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\93846995057.exe" /us
                            7⤵
                            • Executes dropped EXE
                            • Checks processor information in registry
                            PID:4880
                            • C:\Users\Admin\AppData\Roaming\neofed\neofit.exe
                              neofit.exe
                              8⤵
                              • Executes dropped EXE
                              PID:4176
                        • C:\Windows\SysWOW64\cmd.exe
                          "C:\Windows\System32\cmd.exe" /c taskkill /im "wo9mn6zi4D3NVzIxEZN1.exe" /f & erase "C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe" & exit
                          6⤵
                            PID:4808
                            • C:\Windows\SysWOW64\taskkill.exe
                              taskkill /im "wo9mn6zi4D3NVzIxEZN1.exe" /f
                              7⤵
                              • Kills process with taskkill
                              PID:1196
                      • C:\Windows\SysWOW64\WerFault.exe
                        C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2372
                        4⤵
                        • Program crash
                        • Suspicious use of AdjustPrivilegeToken
                        PID:4564
                      • C:\Users\Admin\AppData\Local\Temp\g5Z2xe3r\vpn.exe
                        C:\Users\Admin\AppData\Local\Temp\g5Z2xe3r\vpn.exe /silent /subid=510x23f151a942ce9ae176086b16882d65ad
                        4⤵
                        • Executes dropped EXE
                        • Suspicious use of WriteProcessMemory
                        PID:4776
                        • C:\Users\Admin\AppData\Local\Temp\is-9A5TV.tmp\vpn.tmp
                          "C:\Users\Admin\AppData\Local\Temp\is-9A5TV.tmp\vpn.tmp" /SL5="$30314,15170975,270336,C:\Users\Admin\AppData\Local\Temp\g5Z2xe3r\vpn.exe" /silent /subid=510x23f151a942ce9ae176086b16882d65ad
                          5⤵
                          • Executes dropped EXE
                          • Loads dropped DLL
                          • Drops file in Program Files directory
                          • Modifies registry class
                          • Modifies system certificate store
                          • Suspicious use of AdjustPrivilegeToken
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of WriteProcessMemory
                          PID:4968
                          • C:\Windows\SysWOW64\cmd.exe
                            C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\uninstall.bat" "
                            6⤵
                              PID:3012
                              • C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
                                tapinstall.exe remove tap0901
                                7⤵
                                • Executes dropped EXE
                                PID:4384
                            • C:\Windows\SysWOW64\cmd.exe
                              C:\Windows\system32\cmd.exe /c ""C:\Program Files (x86)\MaskVPN\driver\win764\install.bat" "
                              6⤵
                                PID:1220
                                • C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
                                  tapinstall.exe install OemVista.inf tap0901
                                  7⤵
                                  • Executes dropped EXE
                                  • Drops file in System32 directory
                                  • Drops file in Windows directory
                                  • Checks SCSI registry key(s)
                                  • Modifies system certificate store
                                  PID:1276
                              • C:\Program Files (x86)\MaskVPN\mask_svc.exe
                                "C:\Program Files (x86)\MaskVPN\mask_svc.exe" uninstall
                                6⤵
                                • Executes dropped EXE
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                PID:5252
                              • C:\Program Files (x86)\MaskVPN\mask_svc.exe
                                "C:\Program Files (x86)\MaskVPN\mask_svc.exe" install
                                6⤵
                                  PID:5400
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2228
                              4⤵
                              • Program crash
                              • Suspicious use of AdjustPrivilegeToken
                              PID:4828
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2408
                              4⤵
                              • Program crash
                              • Suspicious use of AdjustPrivilegeToken
                              PID:5020
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2196
                              4⤵
                              • Program crash
                              PID:3716
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2260
                              4⤵
                              • Program crash
                              PID:4608
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2392
                              4⤵
                              • Program crash
                              PID:4856
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2336
                              4⤵
                              • Program crash
                              PID:5116
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2408
                              4⤵
                              • Program crash
                              PID:4396
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2184
                              4⤵
                              • Program crash
                              PID:2772
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2324
                              4⤵
                              • Program crash
                              PID:3868
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2396
                              4⤵
                              • Program crash
                              PID:3180
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2008
                              4⤵
                              • Program crash
                              PID:2188
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2488
                              4⤵
                              • Program crash
                              PID:4148
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2460
                              4⤵
                              • Program crash
                              PID:1960
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2572
                              4⤵
                              • Program crash
                              PID:5936
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2420
                              4⤵
                              • Program crash
                              PID:5060
                            • C:\Windows\SysWOW64\WerFault.exe
                              C:\Windows\SysWOW64\WerFault.exe -u -p 912 -s 2508
                              4⤵
                              • Program crash
                              PID:4628
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                        1⤵
                        • Drops file in Windows directory
                        • Modifies Internet Explorer settings
                        • Modifies registry class
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of SetWindowsHookEx
                        PID:2268
                      • C:\Windows\system32\browser_broker.exe
                        C:\Windows\system32\browser_broker.exe -Embedding
                        1⤵
                        • Modifies Internet Explorer settings
                        PID:1464
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Modifies registry class
                        • Suspicious behavior: MapViewOfSection
                        • Suspicious use of SetWindowsHookEx
                        • Suspicious use of WriteProcessMemory
                        PID:1776
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Drops file in Windows directory
                        • Modifies Internet Explorer settings
                        • Modifies registry class
                        • Suspicious use of AdjustPrivilegeToken
                        PID:1220
                      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                        1⤵
                        • Modifies registry class
                        PID:4752
                      • C:\Windows\system32\msiexec.exe
                        C:\Windows\system32\msiexec.exe /V
                        1⤵
                        • Enumerates connected drives
                        • Drops file in Windows directory
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of WriteProcessMemory
                        PID:1956
                        • C:\Windows\syswow64\MsiExec.exe
                          C:\Windows\syswow64\MsiExec.exe -Embedding 6CF9E1761E90F3BDC6ED51D6E189EABA C
                          2⤵
                          • Loads dropped DLL
                          PID:4980
                        • C:\Windows\syswow64\MsiExec.exe
                          C:\Windows\syswow64\MsiExec.exe -Embedding FE5B8816338A08F9BAE66193AC1C24F3
                          2⤵
                          • Blocklisted process makes network request
                          • Loads dropped DLL
                          PID:4916
                        • C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe
                          "C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe"
                          2⤵
                          • Adds Run key to start application
                          PID:6584
                          • C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe
                            "C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\RequiredApplication_1\Weather_Installation.exe" -silent=1 -AF=606x23f151a942ce9ae176086b16882d65ad -BF=default -uncf=default
                            3⤵
                            • Adds Run key to start application
                            PID:6652
                            • C:\Users\Admin\AppData\Roaming\Weather\Weather.exe
                              "C:\Users\Admin\AppData\Roaming\Weather\Weather.exe" "--EkAoOVsS"
                              4⤵
                                PID:4596
                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                              "C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe" -NonInteractive -NoLogo -ExecutionPolicy AllSigned -Command "C:\Users\Admin\AppData\Local\Temp\AI_9F35.ps1 -paths 'C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\file_deleter.ps1','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites\aipackagechainer.exe','C:\Users\Admin\AppData\Roaming\Weather\Weather\prerequisites' -retry_count 10"
                              3⤵
                                PID:6856
                          • \??\c:\windows\system32\svchost.exe
                            c:\windows\system32\svchost.exe -k dcomlaunch -s DeviceInstall
                            1⤵
                            • Drops file in Windows directory
                            • Checks SCSI registry key(s)
                            PID:4672
                            • C:\Windows\system32\DrvInst.exe
                              DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{749b90d2-e0bb-ab48-b81b-8cf58c54967f}\oemvista.inf" "9" "4d14a44ff" "0000000000000174" "WinSta0\Default" "0000000000000178" "208" "c:\program files (x86)\maskvpn\driver\win764"
                              2⤵
                              • Drops file in System32 directory
                              • Drops file in Windows directory
                              • Checks SCSI registry key(s)
                              • Modifies data under HKEY_USERS
                              PID:5068
                            • C:\Windows\system32\DrvInst.exe
                              DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem2.inf" "oemvista.inf:3beb73aff103cc24:tap0901.ndi:9.0.0.21:tap0901," "4d14a44ff" "0000000000000180"
                              2⤵
                              • Drops file in Drivers directory
                              • Drops file in System32 directory
                              • Drops file in Windows directory
                              • Checks SCSI registry key(s)
                              PID:4684
                          • \??\c:\windows\system32\svchost.exe
                            c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
                            1⤵
                              PID:4824
                            • \??\c:\windows\system32\svchost.exe
                              c:\windows\system32\svchost.exe -k netsvcs -s DsmSvc
                              1⤵
                              • Checks SCSI registry key(s)
                              • Modifies data under HKEY_USERS
                              PID:1324
                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
                              1⤵
                              • Drops file in Windows directory
                              • Modifies registry class
                              • Suspicious use of SetWindowsHookEx
                              PID:2376
                            • C:\Windows\system32\browser_broker.exe
                              C:\Windows\system32\browser_broker.exe -Embedding
                              1⤵
                              • Modifies Internet Explorer settings
                              PID:3680
                            • C:\Windows\system32\wbem\WMIADAP.EXE
                              wmiadap.exe /F /T /R
                              1⤵
                              • Executes dropped EXE
                              PID:5100
                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                              1⤵
                              • Suspicious use of SetWindowsHookEx
                              PID:360
                            • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
                              "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
                              1⤵
                              • Drops file in Windows directory
                              • Modifies registry class
                              PID:5152
                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
                              1⤵
                              • Executes dropped EXE
                              • Checks computer location settings
                              • Loads dropped DLL
                              • Enumerates system info in registry
                              • Suspicious use of SendNotifyMessage
                              PID:3212
                              • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_crashreporter.exe
                                C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7fffff8a34d0,0x7fffff8a34e0,0x7fffff8a34f0
                                2⤵
                                • Executes dropped EXE
                                PID:3048
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --start-stack-profiler --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1556 /prefetch:2
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:5908
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=1684 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:4812
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=2072 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:5896
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --mojo-platform-channel-handle=2704 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                • Loads dropped DLL
                                PID:6000
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --mojo-platform-channel-handle=2712 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                • Loads dropped DLL
                                PID:2860
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=3216 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                • Loads dropped DLL
                                PID:5604
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=3260 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:1168
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=3272 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                • Loads dropped DLL
                                PID:4312
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=3280 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:4504
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=3844 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:4888
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=3860 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:4668
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4068 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:5788
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --mojo-platform-channel-handle=4212 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:4640
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=4712 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:5656
                              • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe" --newlogic --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
                                2⤵
                                • Executes dropped EXE
                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                PID:5400
                                • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe
                                  C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff626573430,0x7ff626573440,0x7ff626573450
                                  3⤵
                                  • Executes dropped EXE
                                  PID:2176
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --mojo-platform-channel-handle=4776 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:5724
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=10 --mojo-platform-channel-handle=5420 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:3812
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --mojo-platform-channel-handle=5512 /prefetch:1
                                2⤵
                                • Executes dropped EXE
                                • Checks computer location settings
                                PID:5816
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5544 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:5372
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5460 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:4396
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5504 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:5028
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5516 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:4148
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5496 /prefetch:8
                                2⤵
                                • Executes dropped EXE
                                PID:5720
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5556 /prefetch:8
                                2⤵
                                  PID:2308
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5568 /prefetch:8
                                  2⤵
                                    PID:4584
                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5676 /prefetch:8
                                    2⤵
                                      PID:5204
                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5652 /prefetch:8
                                      2⤵
                                        PID:4460
                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5660 /prefetch:8
                                        2⤵
                                          PID:5904
                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5684 /prefetch:8
                                          2⤵
                                            PID:380
                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5680 /prefetch:8
                                            2⤵
                                              PID:4908
                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5592 /prefetch:8
                                              2⤵
                                                PID:4160
                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5704 /prefetch:8
                                                2⤵
                                                  PID:6052
                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --mojo-platform-channel-handle=5792 /prefetch:1
                                                  2⤵
                                                    PID:6148
                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5812 /prefetch:8
                                                    2⤵
                                                      PID:6184
                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5844 /prefetch:8
                                                      2⤵
                                                        PID:6272
                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5864 /prefetch:8
                                                        2⤵
                                                          PID:6336
                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=3000 /prefetch:8
                                                          2⤵
                                                            PID:6404
                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5916 /prefetch:8
                                                            2⤵
                                                              PID:6464
                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=3080 /prefetch:8
                                                              2⤵
                                                                PID:6948
                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=2736 /prefetch:8
                                                                2⤵
                                                                  PID:7000
                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=8256 /prefetch:8
                                                                  2⤵
                                                                    PID:7060
                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=8232 /prefetch:8
                                                                    2⤵
                                                                      PID:7076
                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5820 /prefetch:8
                                                                      2⤵
                                                                        PID:5408
                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=7764 /prefetch:8
                                                                        2⤵
                                                                          PID:4300
                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=5900 /prefetch:8
                                                                          2⤵
                                                                            PID:6236
                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --mojo-platform-channel-handle=8240 /prefetch:8
                                                                            2⤵
                                                                              PID:6172
                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36 OPR/82.0.4227.43 (Edition Yx 03)" --with-feature:adblock-snippets=on --with-feature:aliexpress-modal=off --with-feature:bookmarks-trash-cleaner=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:partner-inline-autocompletion=on --with-feature:pinboard-local=on --with-feature:premium-valve-in=on --with-feature:reader-mode=on --with-feature:rollout-dna=on --with-feature:sd-suggestions-external=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:new-autoupdater-logic=on --with-feature:installer-experiment-test=off --with-feature:installer-use-minimal-package=off --with-feature:installer-opera-exe-in-root=on --ab_tests=DNA-72006-test:DNA-72006 --field-trial-handle=1544,2038460327532578963,1417431470997770236,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=8384 /prefetch:1
                                                                              2⤵
                                                                              • Checks computer location settings
                                                                              PID:6456
                                                                          • C:\Program Files (x86)\MaskVPN\mask_svc.exe
                                                                            "C:\Program Files (x86)\MaskVPN\mask_svc.exe"
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                                            • Modifies data under HKEY_USERS
                                                                            PID:4332
                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                                                                            C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=82.0.4227.43 --newautoupdaterlogic
                                                                            1⤵
                                                                            • Executes dropped EXE
                                                                            PID:5968
                                                                            • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                                                              "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                                                              2⤵
                                                                                PID:6828
                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe
                                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe" --edition="Yx 03" --newlogic --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
                                                                                2⤵
                                                                                  PID:6844
                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe
                                                                                    C:\Users\Admin\AppData\Local\Programs\Opera\82.0.4227.43\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=82.0.4227.43 --initial-client-data=0x234,0x238,0x23c,0x210,0x240,0x7ff626573430,0x7ff626573440,0x7ff626573450
                                                                                    3⤵
                                                                                      PID:6868
                                                                                    • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                                                                      "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                                                                      3⤵
                                                                                        PID:6676

                                                                                  Network

                                                                                  MITRE ATT&CK Matrix ATT&CK v6

                                                                                  Initial Access

                                                                                  Execution

                                                                                  Persistence

                                                                                  Registry Run Keys / Startup Folder

                                                                                  2
                                                                                  T1060

                                                                                  Privilege Escalation

                                                                                  Defense Evasion

                                                                                  Virtualization/Sandbox Evasion

                                                                                  1
                                                                                  T1497

                                                                                  Modify Registry

                                                                                  3
                                                                                  T1112

                                                                                  Install Root Certificate

                                                                                  1
                                                                                  T1130

                                                                                  Credential Access

                                                                                  Credentials in Files

                                                                                  2
                                                                                  T1081

                                                                                  Discovery

                                                                                  Query Registry

                                                                                  8
                                                                                  T1012

                                                                                  Virtualization/Sandbox Evasion

                                                                                  1
                                                                                  T1497

                                                                                  System Information Discovery

                                                                                  8
                                                                                  T1082

                                                                                  Peripheral Device Discovery

                                                                                  2
                                                                                  T1120

                                                                                  Remote System Discovery

                                                                                  1
                                                                                  T1018

                                                                                  Lateral Movement

                                                                                  Collection

                                                                                  Data from Local System

                                                                                  2
                                                                                  T1005

                                                                                  Exfiltration

                                                                                  Command and Control

                                                                                  Web Service

                                                                                  1
                                                                                  T1102

                                                                                  Impact

                                                                                  Replay Monitor

                                                                                  Loading Replay Monitor...

                                                                                  Downloads

                                                                                  • C:\Program Files (x86)\Et\quo\Dolor.exe
                                                                                    MD5

                                                                                    1e9d3161f0585d7188a37710a36dd620

                                                                                    SHA1

                                                                                    118dc56ae7626b40a46f86e615e9fb2d6adbbfd9

                                                                                    SHA256

                                                                                    1658017cd61fd615be6d60b5a43070b22a1af34f85de40bd672f055d628d16e9

                                                                                    SHA512

                                                                                    20cc5daf59d3849d72ec465dcb8a4305ce7779f06a888f1c05540573a2015308c6372defa57b7dbc9ea5d7c6438aedce81864115f4b7a07ae4de9540fb343ddf

                                                                                    Download Submit
                                                                                  • C:\Program Files (x86)\Et\quo\Dolor.exe
                                                                                    MD5

                                                                                    1e9d3161f0585d7188a37710a36dd620

                                                                                    SHA1

                                                                                    118dc56ae7626b40a46f86e615e9fb2d6adbbfd9

                                                                                    SHA256

                                                                                    1658017cd61fd615be6d60b5a43070b22a1af34f85de40bd672f055d628d16e9

                                                                                    SHA512

                                                                                    20cc5daf59d3849d72ec465dcb8a4305ce7779f06a888f1c05540573a2015308c6372defa57b7dbc9ea5d7c6438aedce81864115f4b7a07ae4de9540fb343ddf

                                                                                    Download Submit
                                                                                  • C:\Program Files (x86)\Et\quo\sqlite3.dll
                                                                                    MD5

                                                                                    e477a96c8f2b18d6b5c27bde49c990bf

                                                                                    SHA1

                                                                                    e980c9bf41330d1e5bd04556db4646a0210f7409

                                                                                    SHA256

                                                                                    16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660

                                                                                    SHA512

                                                                                    335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c

                                                                                    Download Submit
                                                                                  • C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
                                                                                    MD5

                                                                                    d10f74d86cd350732657f542df533f82

                                                                                    SHA1

                                                                                    c54074f8f162a780819175e7169c43f6706ad46c

                                                                                    SHA256

                                                                                    c9963a3f8abf6fedc8f983a9655a387d67c752bd59b0d16fd6fc2396b4b4ca67

                                                                                    SHA512

                                                                                    0d7cb060e4a9482d4862ff47c9d6f52a060c4fb4e3b8388769fa2974ccf081af6bea7b1d4325c03d128bc4de6e0525d6e9bf3a42564391f2acd980435a0dd87e

                                                                                    Download Submit
                                                                                  • C:\Program Files (x86)\MaskVPN\driver\win764\tapinstall.exe
                                                                                    MD5

                                                                                    d10f74d86cd350732657f542df533f82

                                                                                    SHA1

                                                                                    c54074f8f162a780819175e7169c43f6706ad46c

                                                                                    SHA256

                                                                                    c9963a3f8abf6fedc8f983a9655a387d67c752bd59b0d16fd6fc2396b4b4ca67

                                                                                    SHA512

                                                                                    0d7cb060e4a9482d4862ff47c9d6f52a060c4fb4e3b8388769fa2974ccf081af6bea7b1d4325c03d128bc4de6e0525d6e9bf3a42564391f2acd980435a0dd87e

                                                                                    Download Submit
                                                                                  • C:\Program Files (x86)\MaskVPN\driver\win764\uninstall.bat
                                                                                    MD5

                                                                                    9133a44bfd841b8849bddead9957c2c3

                                                                                    SHA1

                                                                                    3c1d92aa3f6247a2e7ceeaf0b811cf584ae87591

                                                                                    SHA256

                                                                                    b8109f63a788470925ea267f1b6032bba281b1ac3afdf0c56412cb753df58392

                                                                                    SHA512

                                                                                    d7f5f99325b9c77939735df3a61097a24613f85e7acc2d84875f78f60b0b70e3504f34d9fff222c593e1daadd9db71080a23b588fe7009ce93b5a4cbe9785545

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
                                                                                    MD5

                                                                                    cf479afbde033bea9f1027b41138d1a7

                                                                                    SHA1

                                                                                    3f50097550af88681bc6fe19849808600e9b68fe

                                                                                    SHA256

                                                                                    5472a4789e398fbbf479513311d2953855e5507b520b9367fb4bca10637b6b78

                                                                                    SHA512

                                                                                    398973b640cbff83c370635969d01f206f2cbc5d3b38a81da385ef104ff6ac1c0bce1148871aebccbf5b124f9325557d7e6a4b67eb46658822ec833a3fa1bdf5

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7D11549FC90445E1CE90F96A21958A17_FB353789C9BBDA933068CD2920BDF3B7
                                                                                    MD5

                                                                                    a4a20e85e3ae3537449fd8215ad1a0cf

                                                                                    SHA1

                                                                                    89dffc686f175008f1c0ff698577f4616595db1b

                                                                                    SHA256

                                                                                    10c6f3b6ab002d2d79a1bcb65c96f214b0b58432417d4debec69ef961f4373f4

                                                                                    SHA512

                                                                                    1f07c53d772907664e22ddf6e74fcb7d69bafa43e1614b18ae5809c4327d204cba9b7adf227d02c57cc32d77a916c07e08f94627714c972e88b425ff4938edd4

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
                                                                                    MD5

                                                                                    74b8d13ebc5e92523fe629a61faee381

                                                                                    SHA1

                                                                                    e02ceaa560aab67122140e0e3f93889d7cb1251b

                                                                                    SHA256

                                                                                    472aeac675e5916bb991f0f0ec17ca6ad090df5959400fa0f0a9acf2758bd6d0

                                                                                    SHA512

                                                                                    37b9b228a83aeadbf007bbd3a1fb5d7d5727029edf0b4bfd1d49b2fcb255db6559b6ce443c2dd704adee145132e68bd90b86fe3b17e9ddf4a3d8facf6f637bb8

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_79CFD3DF2894C4BFDA2ADFD6675FA18B
                                                                                    MD5

                                                                                    531ec910e2c3e6322809e9c78aa216ef

                                                                                    SHA1

                                                                                    2a1394a4acb795a993d576788ab6a6129f302849

                                                                                    SHA256

                                                                                    953069b395d0c60bb0cd9a520068bb2cd8f9bc424de6530d74062887706e49d2

                                                                                    SHA512

                                                                                    0fd87e31750a45cc7e822ad4ecb7cc374f237b6a1ff29f6862ccbfae4849cd80a4060cf6be4c393356af1b25360d6f42b5a3b727b694fe34a36634eb95b45cd7

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7D11549FC90445E1CE90F96A21958A17_FB353789C9BBDA933068CD2920BDF3B7
                                                                                    MD5

                                                                                    32035ac155f9ff44490335009253dab2

                                                                                    SHA1

                                                                                    5a7dde75385efa578629ee7528d7d0b73146e82c

                                                                                    SHA256

                                                                                    aa1e1efafb26e2345b2c3554cab02c9a78f87cfc2470f7fc1bdb5ea9b35748d0

                                                                                    SHA512

                                                                                    b0463cadc1c221e9a590aa60824d59753d4c03f015cb891c4834eac100520c033a7b03f596452338973fad6bbb3750040ae0e59ce5543fea77d30e89b6bb95e1

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_2DBE917624E9880FE0C7C5570D56E691
                                                                                    MD5

                                                                                    625bc14033431a75b82db0f450c56d29

                                                                                    SHA1

                                                                                    f19f0049b0f1295103b0cf846e14b23ecad48b4d

                                                                                    SHA256

                                                                                    303148c1812aaafc871ded039755e61e060687dcb7cada763aa81aa0468126eb

                                                                                    SHA512

                                                                                    562d1b4641b73812272a60f4d21c44363004fcf3c18b3dfe005c1ed25355cf9aa5536422de32ca20d74042a51ca56e4cb27f95a77d5f3f5db18a547541c141ed

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202112250400461\assistant\_sfx.exe
                                                                                    MD5

                                                                                    89bb73a328bd405b08b7d21a0d7a391d

                                                                                    SHA1

                                                                                    95a4919ab65b6f433f12befeb575b488a1aeb30d

                                                                                    SHA256

                                                                                    56504dea4c5371c211e631496a25ef1ffd0e012574a5d9c9a0032a3920469a26

                                                                                    SHA512

                                                                                    defffa87559386eb7e9168dcae3f648bff49d7e202663605a2c3c57cf7af7592a1f82873c796bb0ec04fdb3f5fd1c68176420bc5ada17a43d03abf535eaa29ba

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe
                                                                                    MD5

                                                                                    6eb3504134002abaa4fbd81de85f393f

                                                                                    SHA1

                                                                                    299202602c5c3922ad0c4ce6001ef8f25e21293b

                                                                                    SHA256

                                                                                    0fe979a7b3374701bda3e5762ab7bb1decb987046e357ce9901140cc5de0eaf2

                                                                                    SHA512

                                                                                    4fe731213b1bd2a2f7db39c977b429848464c397fc0306f4267c01c1e35f0dc54d948a2f8318cced07267c9f2b0c9ba3868ab2f599ddbfaeab2325bc701d6dda

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe
                                                                                    MD5

                                                                                    6eb3504134002abaa4fbd81de85f393f

                                                                                    SHA1

                                                                                    299202602c5c3922ad0c4ce6001ef8f25e21293b

                                                                                    SHA256

                                                                                    0fe979a7b3374701bda3e5762ab7bb1decb987046e357ce9901140cc5de0eaf2

                                                                                    SHA512

                                                                                    4fe731213b1bd2a2f7db39c977b429848464c397fc0306f4267c01c1e35f0dc54d948a2f8318cced07267c9f2b0c9ba3868ab2f599ddbfaeab2325bc701d6dda

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\2h5mn7Qi\wo9mn6zi4D3NVzIxEZN1.exe
                                                                                    MD5

                                                                                    6eb3504134002abaa4fbd81de85f393f

                                                                                    SHA1

                                                                                    299202602c5c3922ad0c4ce6001ef8f25e21293b

                                                                                    SHA256

                                                                                    0fe979a7b3374701bda3e5762ab7bb1decb987046e357ce9901140cc5de0eaf2

                                                                                    SHA512

                                                                                    4fe731213b1bd2a2f7db39c977b429848464c397fc0306f4267c01c1e35f0dc54d948a2f8318cced07267c9f2b0c9ba3868ab2f599ddbfaeab2325bc701d6dda

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\MSI778E.tmp
                                                                                    MD5

                                                                                    07ce413b1af6342187514871dc112c74

                                                                                    SHA1

                                                                                    8008f8bfeae99918b6323a3d1270dea63b3a8394

                                                                                    SHA256

                                                                                    0ba7e90fe2a0005e1e0dad53e2678916650c3b95ff9b666b802d128276c8ec46

                                                                                    SHA512

                                                                                    27df52bfcbc2d0ce3756a2526e632b5610d7047259b31aeeff12652de3e046bcd239e39c222a323654f475f1f913679b4fdd858303e0e105f7a300b6f6ed0fe5

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\MSI7ED3.tmp
                                                                                    MD5

                                                                                    07ce413b1af6342187514871dc112c74

                                                                                    SHA1

                                                                                    8008f8bfeae99918b6323a3d1270dea63b3a8394

                                                                                    SHA256

                                                                                    0ba7e90fe2a0005e1e0dad53e2678916650c3b95ff9b666b802d128276c8ec46

                                                                                    SHA512

                                                                                    27df52bfcbc2d0ce3756a2526e632b5610d7047259b31aeeff12652de3e046bcd239e39c222a323654f475f1f913679b4fdd858303e0e105f7a300b6f6ed0fe5

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\MSI800C.tmp
                                                                                    MD5

                                                                                    e6a708c70a8cfd78b7c0383615545158

                                                                                    SHA1

                                                                                    b9274d9bf4750f557d34ddfd802113f5dd1df91c

                                                                                    SHA256

                                                                                    e124c00f974e0c09200676e7ce2147c3822b4cd4764dcc970e832bd93d869d0c

                                                                                    SHA512

                                                                                    2d0162f268f357a29c8bc35f855678e8e47e8a70825130e73e40a7dca1e9a3d8844b66616bfaa156b16fa4162bcf6991f659b3a6e8ee3caf841c87ec16189ff8

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\zCJTQfOtIqGd93a.exe
                                                                                    MD5

                                                                                    a4d6329cabfe33aac9878f47c4f2e705

                                                                                    SHA1

                                                                                    b763474c26e3b06347917c4aa02783898ed5204b

                                                                                    SHA256

                                                                                    49288e5dfa77a9502aaffc10bf9ba8a170bf150dab280ea72dc36f14ac8fe433

                                                                                    SHA512

                                                                                    5cb9917bfb9db22a48385333780f1a7eaa0aee1c6231d5a67e8f7c1feb06384647b1e7d9247f85b606acb4c2aa4f3131f84bfbffb9b1f3923a3c361109aeb7f7

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\OP8v8w6O\zCJTQfOtIqGd93a.exe
                                                                                    MD5

                                                                                    a4d6329cabfe33aac9878f47c4f2e705

                                                                                    SHA1

                                                                                    b763474c26e3b06347917c4aa02783898ed5204b

                                                                                    SHA256

                                                                                    49288e5dfa77a9502aaffc10bf9ba8a170bf150dab280ea72dc36f14ac8fe433

                                                                                    SHA512

                                                                                    5cb9917bfb9db22a48385333780f1a7eaa0aee1c6231d5a67e8f7c1feb06384647b1e7d9247f85b606acb4c2aa4f3131f84bfbffb9b1f3923a3c361109aeb7f7

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Skype.exe
                                                                                    MD5

                                                                                    4ae0cc591c73abc92591de3342de4ec0

                                                                                    SHA1

                                                                                    128612389a79288e6273b4a34e429d106e8f8091

                                                                                    SHA256

                                                                                    f3ecea3c50e711bcdd5ae2b085721d7eabd7354ee4e06dab56cad2b1d8c2c0f0

                                                                                    SHA512

                                                                                    2a290f20c8f3977e4790da06726cb2b5d4c8f9484010c5bdb4ddfba0a0d1f234ed7eea564bcfa2eca40b8befb313babbabcd72759ffa7c860089405f5933c879

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\Skype.exe
                                                                                    MD5

                                                                                    4ae0cc591c73abc92591de3342de4ec0

                                                                                    SHA1

                                                                                    128612389a79288e6273b4a34e429d106e8f8091

                                                                                    SHA256

                                                                                    f3ecea3c50e711bcdd5ae2b085721d7eabd7354ee4e06dab56cad2b1d8c2c0f0

                                                                                    SHA512

                                                                                    2a290f20c8f3977e4790da06726cb2b5d4c8f9484010c5bdb4ddfba0a0d1f234ed7eea564bcfa2eca40b8befb313babbabcd72759ffa7c860089405f5933c879

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\UdSOUwq2\402yoFu.exe
                                                                                    MD5

                                                                                    eb6806fcf97f10a05f2b8be7b4b63824

                                                                                    SHA1

                                                                                    41cc0d710a640125411eef059ed1e810846c1a0c

                                                                                    SHA256

                                                                                    1647b2294741ea68442c2346d4a6eaab1e2c7ade620f0f341b0071743457db1c

                                                                                    SHA512

                                                                                    823806961833eadf2acd4ea7d715a1b662b2de0cc5aa1bde67115cabbf497790671c72e8391bc17fcebd4b246de0c5b50646e698649873e168ea77dd1c308371

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\ck1tkfLh\sRRpGBI.exe
                                                                                    MD5

                                                                                    bff03beb0bebf6c97b4f75387221082e

                                                                                    SHA1

                                                                                    1e7f93dbf118748b3078a5ed7f28cb4a2e03edb1

                                                                                    SHA256

                                                                                    cfb6dbfed10c59baa25fdd15fa3649f4844c9ff7a0aa782016c71f4f0156df3b

                                                                                    SHA512

                                                                                    5fdcaa381f8b5c7edfe1868c5a19496713f48df8fd6cf58b8fa0f5e0fedc1f3369eaf2d85369c1fc039b01ddc8daa535a155c18aade01ac10ea8c35a8b3ba6a3

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\ck1tkfLh\sRRpGBI.exe
                                                                                    MD5

                                                                                    bff03beb0bebf6c97b4f75387221082e

                                                                                    SHA1

                                                                                    1e7f93dbf118748b3078a5ed7f28cb4a2e03edb1

                                                                                    SHA256

                                                                                    cfb6dbfed10c59baa25fdd15fa3649f4844c9ff7a0aa782016c71f4f0156df3b

                                                                                    SHA512

                                                                                    5fdcaa381f8b5c7edfe1868c5a19496713f48df8fd6cf58b8fa0f5e0fedc1f3369eaf2d85369c1fc039b01ddc8daa535a155c18aade01ac10ea8c35a8b3ba6a3

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\g5Z2xe3r\vpn.exe
                                                                                    MD5

                                                                                    1ed0798570272f2c94ed7b99135ee93d

                                                                                    SHA1

                                                                                    b4b66a74480623ed4bbf9af3fd4488051fb05fec

                                                                                    SHA256

                                                                                    48267762aa0f759061efa0b893dc5307f7079fdd3367cbef49ba4f9a9ff389b9

                                                                                    SHA512

                                                                                    64ef300a9f24c1d9f841ec3ec97b842a66459c5522cb4b12906dbb4eb6916cc80a03155c0a427e49a108726de1430b801d7c1768167837bb18573fc65bfcb6e0

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\g5Z2xe3r\vpn.exe
                                                                                    MD5

                                                                                    1ed0798570272f2c94ed7b99135ee93d

                                                                                    SHA1

                                                                                    b4b66a74480623ed4bbf9af3fd4488051fb05fec

                                                                                    SHA256

                                                                                    48267762aa0f759061efa0b893dc5307f7079fdd3367cbef49ba4f9a9ff389b9

                                                                                    SHA512

                                                                                    64ef300a9f24c1d9f841ec3ec97b842a66459c5522cb4b12906dbb4eb6916cc80a03155c0a427e49a108726de1430b801d7c1768167837bb18573fc65bfcb6e0

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-9A5TV.tmp\vpn.tmp
                                                                                    MD5

                                                                                    6873578ee5b3b15f53cfdb774bdc9956

                                                                                    SHA1

                                                                                    d3c6ef607604fff7dc199129f205fda80932228b

                                                                                    SHA256

                                                                                    a07f9fe188bdfd00badbae40e3f51bb88c39fc648f22bd73849a4ddf5a241ef8

                                                                                    SHA512

                                                                                    b134dbb05cffc27f33e18466ca43d2d237adb8deea42b0300e6a446302fd6544f1801a6d76e98b4119103e23de5c6043e82f0aef950f3f95c630848e71297047

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-9A5TV.tmp\vpn.tmp
                                                                                    MD5

                                                                                    6873578ee5b3b15f53cfdb774bdc9956

                                                                                    SHA1

                                                                                    d3c6ef607604fff7dc199129f205fda80932228b

                                                                                    SHA256

                                                                                    a07f9fe188bdfd00badbae40e3f51bb88c39fc648f22bd73849a4ddf5a241ef8

                                                                                    SHA512

                                                                                    b134dbb05cffc27f33e18466ca43d2d237adb8deea42b0300e6a446302fd6544f1801a6d76e98b4119103e23de5c6043e82f0aef950f3f95c630848e71297047

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-M44QD.tmp\is-AU61L.tmp
                                                                                    MD5

                                                                                    7d4f2f6d77755eb3ab2f32678b51e48e

                                                                                    SHA1

                                                                                    c42f92874abcab6b45922b6e53a0a017be1ec705

                                                                                    SHA256

                                                                                    3684dec2f56b6f8bd9f72d21e2f321bc105084a2d77d7d9b2f46821f69bbfd26

                                                                                    SHA512

                                                                                    573addc8d53bbbd1215887734c999a43bb53e3864a5a1ecacf33813f51e8b84639381e4947fdd71b0a3af0b22a86f340e7d29e835f7789cef1bb238000564f14

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\is-M44QD.tmp\is-AU61L.tmp
                                                                                    MD5

                                                                                    7d4f2f6d77755eb3ab2f32678b51e48e

                                                                                    SHA1

                                                                                    c42f92874abcab6b45922b6e53a0a017be1ec705

                                                                                    SHA256

                                                                                    3684dec2f56b6f8bd9f72d21e2f321bc105084a2d77d7d9b2f46821f69bbfd26

                                                                                    SHA512

                                                                                    573addc8d53bbbd1215887734c999a43bb53e3864a5a1ecacf33813f51e8b84639381e4947fdd71b0a3af0b22a86f340e7d29e835f7789cef1bb238000564f14

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\10771932521.exe
                                                                                    MD5

                                                                                    7b3c4789e297601a4bc71948fac1e215

                                                                                    SHA1

                                                                                    7bccc6ebb5b30c647d2085509e4adf3b436329d6

                                                                                    SHA256

                                                                                    1ab86bb68ac2e405484c77de4bb809fc258f349da91d161c42f8683d0ecd6ad1

                                                                                    SHA512

                                                                                    a544354f22092170c1a5a3fa9e06fdf3143450243a481e4d2e66cc7bab0b23a464a8ebcb3c48a163aaf5311d1f2006f4ef842148d8303c200fc9ae1d9f166487

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\10771932521.exe
                                                                                    MD5

                                                                                    7b3c4789e297601a4bc71948fac1e215

                                                                                    SHA1

                                                                                    7bccc6ebb5b30c647d2085509e4adf3b436329d6

                                                                                    SHA256

                                                                                    1ab86bb68ac2e405484c77de4bb809fc258f349da91d161c42f8683d0ecd6ad1

                                                                                    SHA512

                                                                                    a544354f22092170c1a5a3fa9e06fdf3143450243a481e4d2e66cc7bab0b23a464a8ebcb3c48a163aaf5311d1f2006f4ef842148d8303c200fc9ae1d9f166487

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\31827503997.exe
                                                                                    MD5

                                                                                    e55422d97015ca9945114cebaeba4cbf

                                                                                    SHA1

                                                                                    671d3c900b4aa7b4568e8a4c61a49075fc74484b

                                                                                    SHA256

                                                                                    f3b4f47ab6b09e0b090c6fb6f6145774485e2d043d373ed2971034bf6cd9f420

                                                                                    SHA512

                                                                                    9453ae884da5d039fa0ca4fc33216b1ca02d2b40831edf534d7fde16a01c045f1c49ae7935ab317cd6f515e21a9a22ee14cbf3a068627b03e334cdc115603f6f

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\31827503997.exe
                                                                                    MD5

                                                                                    e55422d97015ca9945114cebaeba4cbf

                                                                                    SHA1

                                                                                    671d3c900b4aa7b4568e8a4c61a49075fc74484b

                                                                                    SHA256

                                                                                    f3b4f47ab6b09e0b090c6fb6f6145774485e2d043d373ed2971034bf6cd9f420

                                                                                    SHA512

                                                                                    9453ae884da5d039fa0ca4fc33216b1ca02d2b40831edf534d7fde16a01c045f1c49ae7935ab317cd6f515e21a9a22ee14cbf3a068627b03e334cdc115603f6f

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Local\Temp\{ZmEl-BRyH3-aYX4-MRGJc}\93846995057.exe
                                                                                    MD5

                                                                                    3ad577282b7b5a35b2eb40df5aeb8bb5

                                                                                    SHA1

                                                                                    f7212180d05216cc8e5f5f3091654b90a38fe868

                                                                                    SHA256

                                                                                    8f177430c25aaa30b5e5bc5ff265d40f80be956a4de1a00833bf5959beb487bb

                                                                                    SHA512

                                                                                    663db9c6f22c31093d61000567894b096b03a8c17daa214c283a4c3970cf9b6e451f6a49b4d0b3aef19396c57142ce7d35721e6872d083e0ac8c6ad7f3bb9ad4

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                    MD5

                                                                                    2f3cef49bab081d954a0a6b3bb6f463f

                                                                                    SHA1

                                                                                    4f25b113537bc2782b54bf776df21b80bd62bf40

                                                                                    SHA256

                                                                                    4214b575b9ba1d9605145ebdba11eaa8e0a2d4fde46012dbc02645da3178e2c4

                                                                                    SHA512

                                                                                    9679ccc9287de494010c1eb7c13ea03fc6446e4ec3064faf8a2b550463b1a05fda951ab31abb87697e3e4a28e1b445511d5f7a562ab1ac2a46e833059ebfca9b

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                    MD5

                                                                                    2f3cef49bab081d954a0a6b3bb6f463f

                                                                                    SHA1

                                                                                    4f25b113537bc2782b54bf776df21b80bd62bf40

                                                                                    SHA256

                                                                                    4214b575b9ba1d9605145ebdba11eaa8e0a2d4fde46012dbc02645da3178e2c4

                                                                                    SHA512

                                                                                    9679ccc9287de494010c1eb7c13ea03fc6446e4ec3064faf8a2b550463b1a05fda951ab31abb87697e3e4a28e1b445511d5f7a562ab1ac2a46e833059ebfca9b

                                                                                    Download Submit
                                                                                  • C:\Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\FD7DF1F\Weather Installation.msi
                                                                                    MD5

                                                                                    95adb6017a865829ee9edf0d278fb26b

                                                                                    SHA1

                                                                                    3f8b52850bda9ceebca972a42f3290eba769d815

                                                                                    SHA256

                                                                                    d6180f49d6855df3eb657a1afe02ebcb75d01fce9ea16388075dff67d78516ca

                                                                                    SHA512

                                                                                    18f5ea7f64139f44d501861de8a48a5bee6f51dbab46077af9bb973fab4e9a456a9b1378dbe9d43ff32ca2474d8fcd40cb639674c557fc53953276bf7eee12a2

                                                                                    Download Submit
                                                                                  • \Program Files (x86)\Et\quo\sqlite3.dll
                                                                                    MD5

                                                                                    e477a96c8f2b18d6b5c27bde49c990bf

                                                                                    SHA1

                                                                                    e980c9bf41330d1e5bd04556db4646a0210f7409

                                                                                    SHA256

                                                                                    16574f51785b0e2fc29c2c61477eb47bb39f714829999511dc8952b43ab17660

                                                                                    SHA512

                                                                                    335a86268e7c0e568b1c30981ec644e6cd332e66f96d2551b58a82515316693c1859d87b4f4b7310cf1ac386cee671580fdd999c3bcb23acf2c2282c01c8798c

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\MSI778E.tmp
                                                                                    MD5

                                                                                    07ce413b1af6342187514871dc112c74

                                                                                    SHA1

                                                                                    8008f8bfeae99918b6323a3d1270dea63b3a8394

                                                                                    SHA256

                                                                                    0ba7e90fe2a0005e1e0dad53e2678916650c3b95ff9b666b802d128276c8ec46

                                                                                    SHA512

                                                                                    27df52bfcbc2d0ce3756a2526e632b5610d7047259b31aeeff12652de3e046bcd239e39c222a323654f475f1f913679b4fdd858303e0e105f7a300b6f6ed0fe5

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\MSI7ED3.tmp
                                                                                    MD5

                                                                                    07ce413b1af6342187514871dc112c74

                                                                                    SHA1

                                                                                    8008f8bfeae99918b6323a3d1270dea63b3a8394

                                                                                    SHA256

                                                                                    0ba7e90fe2a0005e1e0dad53e2678916650c3b95ff9b666b802d128276c8ec46

                                                                                    SHA512

                                                                                    27df52bfcbc2d0ce3756a2526e632b5610d7047259b31aeeff12652de3e046bcd239e39c222a323654f475f1f913679b4fdd858303e0e105f7a300b6f6ed0fe5

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\MSI800C.tmp
                                                                                    MD5

                                                                                    e6a708c70a8cfd78b7c0383615545158

                                                                                    SHA1

                                                                                    b9274d9bf4750f557d34ddfd802113f5dd1df91c

                                                                                    SHA256

                                                                                    e124c00f974e0c09200676e7ce2147c3822b4cd4764dcc970e832bd93d869d0c

                                                                                    SHA512

                                                                                    2d0162f268f357a29c8bc35f855678e8e47e8a70825130e73e40a7dca1e9a3d8844b66616bfaa156b16fa4162bcf6991f659b3a6e8ee3caf841c87ec16189ff8

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\Opera_installer_2112250400459574128.dll
                                                                                    MD5

                                                                                    78536384e4fade23943d43721f393fec

                                                                                    SHA1

                                                                                    994c911ec5659ac76ed66cb7b1a2d38c079f1025

                                                                                    SHA256

                                                                                    3fe8a9ffd2bb8bcec26a715ac73f67bc5bf766822bd23331b3b9af0aa17e544c

                                                                                    SHA512

                                                                                    5002cf8381ac1ef46d5e8dc48f504bcb0ac85c6cc6331dd72e936280bcdc507004ffb60353c75d65fc14292f72d2c8b485b7283736857bb8a9e41d531a162b9e

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\Opera_installer_2112250400462064220.dll
                                                                                    MD5

                                                                                    78536384e4fade23943d43721f393fec

                                                                                    SHA1

                                                                                    994c911ec5659ac76ed66cb7b1a2d38c079f1025

                                                                                    SHA256

                                                                                    3fe8a9ffd2bb8bcec26a715ac73f67bc5bf766822bd23331b3b9af0aa17e544c

                                                                                    SHA512

                                                                                    5002cf8381ac1ef46d5e8dc48f504bcb0ac85c6cc6331dd72e936280bcdc507004ffb60353c75d65fc14292f72d2c8b485b7283736857bb8a9e41d531a162b9e

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\Opera_installer_2112250400464724336.dll
                                                                                    MD5

                                                                                    78536384e4fade23943d43721f393fec

                                                                                    SHA1

                                                                                    994c911ec5659ac76ed66cb7b1a2d38c079f1025

                                                                                    SHA256

                                                                                    3fe8a9ffd2bb8bcec26a715ac73f67bc5bf766822bd23331b3b9af0aa17e544c

                                                                                    SHA512

                                                                                    5002cf8381ac1ef46d5e8dc48f504bcb0ac85c6cc6331dd72e936280bcdc507004ffb60353c75d65fc14292f72d2c8b485b7283736857bb8a9e41d531a162b9e

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\Opera_installer_2112250400466914432.dll
                                                                                    MD5

                                                                                    78536384e4fade23943d43721f393fec

                                                                                    SHA1

                                                                                    994c911ec5659ac76ed66cb7b1a2d38c079f1025

                                                                                    SHA256

                                                                                    3fe8a9ffd2bb8bcec26a715ac73f67bc5bf766822bd23331b3b9af0aa17e544c

                                                                                    SHA512

                                                                                    5002cf8381ac1ef46d5e8dc48f504bcb0ac85c6cc6331dd72e936280bcdc507004ffb60353c75d65fc14292f72d2c8b485b7283736857bb8a9e41d531a162b9e

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\Opera_installer_2112250400468474492.dll
                                                                                    MD5

                                                                                    78536384e4fade23943d43721f393fec

                                                                                    SHA1

                                                                                    994c911ec5659ac76ed66cb7b1a2d38c079f1025

                                                                                    SHA256

                                                                                    3fe8a9ffd2bb8bcec26a715ac73f67bc5bf766822bd23331b3b9af0aa17e544c

                                                                                    SHA512

                                                                                    5002cf8381ac1ef46d5e8dc48f504bcb0ac85c6cc6331dd72e936280bcdc507004ffb60353c75d65fc14292f72d2c8b485b7283736857bb8a9e41d531a162b9e

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\ApiTool.dll
                                                                                    MD5

                                                                                    b5e330f90e1bab5e5ee8ccb04e679687

                                                                                    SHA1

                                                                                    3360a68276a528e4b651c9019b6159315c3acca8

                                                                                    SHA256

                                                                                    2900d536923740fe530891f481e35e37262db5283a4b98047fe5335eacaf3441

                                                                                    SHA512

                                                                                    41ab8f239cfff8e5ddcff95cdf2ae11499d57b2ebe8f0786757a200047fd022bfd6975be95e9cfcc17c405e631f069b9951591cf74faf3e6a548191e63a8439c

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\ApiTool.dll
                                                                                    MD5

                                                                                    b5e330f90e1bab5e5ee8ccb04e679687

                                                                                    SHA1

                                                                                    3360a68276a528e4b651c9019b6159315c3acca8

                                                                                    SHA256

                                                                                    2900d536923740fe530891f481e35e37262db5283a4b98047fe5335eacaf3441

                                                                                    SHA512

                                                                                    41ab8f239cfff8e5ddcff95cdf2ae11499d57b2ebe8f0786757a200047fd022bfd6975be95e9cfcc17c405e631f069b9951591cf74faf3e6a548191e63a8439c

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\InnoCallback.dll
                                                                                    MD5

                                                                                    1c55ae5ef9980e3b1028447da6105c75

                                                                                    SHA1

                                                                                    f85218e10e6aa23b2f5a3ed512895b437e41b45c

                                                                                    SHA256

                                                                                    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

                                                                                    SHA512

                                                                                    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\InnoCallback.dll
                                                                                    MD5

                                                                                    1c55ae5ef9980e3b1028447da6105c75

                                                                                    SHA1

                                                                                    f85218e10e6aa23b2f5a3ed512895b437e41b45c

                                                                                    SHA256

                                                                                    6afa2d104be6efe3d9a2ab96dbb75db31565dad64dd0b791e402ecc25529809f

                                                                                    SHA512

                                                                                    1ec4d52f49747b29cfd83e1a75fc6ae4101add68ada0b9add5770c10be6dffb004bb47d0854d50871ed8d77acf67d4e0445e97f0548a95c182e83b94ddf2eb6b

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\botva2.dll
                                                                                    MD5

                                                                                    ef899fa243c07b7b82b3a45f6ec36771

                                                                                    SHA1

                                                                                    4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

                                                                                    SHA256

                                                                                    da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

                                                                                    SHA512

                                                                                    3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\botva2.dll
                                                                                    MD5

                                                                                    ef899fa243c07b7b82b3a45f6ec36771

                                                                                    SHA1

                                                                                    4a86313cc8766dcad1c2b00c2b8f9bbe0cf8bbbe

                                                                                    SHA256

                                                                                    da7d0368712ee419952eb2640a65a7f24e39fb7872442ed4d2ee847ec4cfde77

                                                                                    SHA512

                                                                                    3f98b5ad9adfad2111ebd1d8cbab9ae423d624d1668cc64c0bfcdbfedf30c1ce3ea6bc6bcf70f7dd1b01172a4349e7c84fb75d395ee5af73866574c1d734c6e8

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\libMaskVPN.dll
                                                                                    MD5

                                                                                    3d88c579199498b224033b6b66638fb8

                                                                                    SHA1

                                                                                    6f6303288e2206efbf18e4716095059fada96fc4

                                                                                    SHA256

                                                                                    5bccb86319fc90210d065648937725b14b43fa0c96f9da56d9984e027adebbc3

                                                                                    SHA512

                                                                                    9740c521ed38643201ed4c2574628454723b9213f12e193c11477e64a2c03daa58d2a48e70df1a7e9654c50a80049f3cf213fd01f2b74e585c3a86027db19ec9

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-L8FNQ.tmp\libMaskVPN.dll
                                                                                    MD5

                                                                                    3d88c579199498b224033b6b66638fb8

                                                                                    SHA1

                                                                                    6f6303288e2206efbf18e4716095059fada96fc4

                                                                                    SHA256

                                                                                    5bccb86319fc90210d065648937725b14b43fa0c96f9da56d9984e027adebbc3

                                                                                    SHA512

                                                                                    9740c521ed38643201ed4c2574628454723b9213f12e193c11477e64a2c03daa58d2a48e70df1a7e9654c50a80049f3cf213fd01f2b74e585c3a86027db19ec9

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Local\Temp\is-UO5KK.tmp\_isetup\_iscrypt.dll
                                                                                    MD5

                                                                                    a69559718ab506675e907fe49deb71e9

                                                                                    SHA1

                                                                                    bc8f404ffdb1960b50c12ff9413c893b56f2e36f

                                                                                    SHA256

                                                                                    2f6294f9aa09f59a574b5dcd33be54e16b39377984f3d5658cda44950fa0f8fc

                                                                                    SHA512

                                                                                    e52e0aa7fe3f79e36330c455d944653d449ba05b2f9abee0914a0910c3452cfa679a40441f9ac696b3ccf9445cbb85095747e86153402fc362bb30ac08249a63

                                                                                    Download Submit
                                                                                  • \Users\Admin\AppData\Roaming\Weather\Weather 1.0.0\install\decoder.dll
                                                                                    MD5

                                                                                    62326d3ef35667b1533673d2bb1d342c

                                                                                    SHA1

                                                                                    8100ce90b7cbddd7ef2fd77c544ebf12ebd5ec33

                                                                                    SHA256

                                                                                    a087b791ff8ff9e05e339600199aa389a4554050acc7af7fa36dbe208be7382e

                                                                                    SHA512

                                                                                    7321feae8ee8d0653d7bd935e3d2e6f658e6798b2a7a8f44976c58509028e79284582132cb999c7c3124a7e94960d9c5d5fc8edefaeda06275ab725730d0d9b5

                                                                                    Download Submit
                                                                                  • memory/676-234-0x0000000000A20000-0x0000000000A21000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/676-229-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/676-231-0x0000000000A20000-0x0000000000A21000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/912-127-0x0000000000400000-0x000000000188B000-memory.dmp
                                                                                    Filesize

                                                                                    20.5MB

                                                                                    Download
                                                                                  • memory/912-128-0x0000000004330000-0x0000000004331000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/912-126-0x0000000000400000-0x000000000188B000-memory.dmp
                                                                                    Filesize

                                                                                    20.5MB

                                                                                    Download
                                                                                  • memory/912-122-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1168-408-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1196-278-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1220-283-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1276-284-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1304-253-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1684-308-0x0000000005390000-0x0000000005391000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/1684-351-0x0000000005CD0000-0x0000000005D2E000-memory.dmp
                                                                                    Filesize

                                                                                    376KB

                                                                                    Download
                                                                                  • memory/1684-349-0x0000000005BF0000-0x0000000005C56000-memory.dmp
                                                                                    Filesize

                                                                                    408KB

                                                                                    Download
                                                                                  • memory/1684-348-0x0000000005AE0000-0x0000000005B80000-memory.dmp
                                                                                    Filesize

                                                                                    640KB

                                                                                    Download
                                                                                  • memory/1684-307-0x0000000000AA0000-0x0000000000AB0000-memory.dmp
                                                                                    Filesize

                                                                                    64KB

                                                                                    Download
                                                                                  • memory/1684-350-0x00000000064B0000-0x00000000069AE000-memory.dmp
                                                                                    Filesize

                                                                                    5.0MB

                                                                                    Download
                                                                                  • memory/1684-306-0x0000000000AA0000-0x0000000000AB0000-memory.dmp
                                                                                    Filesize

                                                                                    64KB

                                                                                    Download
                                                                                  • memory/1684-305-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/1956-193-0x000001E3779D0000-0x000001E3779D2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/1956-192-0x000001E3779D0000-0x000001E3779D2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/2120-130-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/2376-309-0x000001944D020000-0x000001944D030000-memory.dmp
                                                                                    Filesize

                                                                                    64KB

                                                                                    Download
                                                                                  • memory/2620-319-0x0000013E68CD0000-0x0000013E68CD2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/2620-318-0x0000013E68CD0000-0x0000013E68CD2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/2620-316-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/2860-380-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/2940-116-0x0000000000400000-0x0000000000414000-memory.dmp
                                                                                    Filesize

                                                                                    80KB

                                                                                    Download
                                                                                  • memory/3012-243-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/3048-358-0x000002A61DA50000-0x000002A61DA52000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/3048-357-0x000002A61DA50000-0x000002A61DA52000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/3048-356-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/3212-355-0x0000020AC6AA0000-0x0000020AC6AA2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/3212-354-0x0000020AC6AA0000-0x0000020AC6AA2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/3716-272-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/3716-273-0x00000000046D0000-0x00000000046D1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/3716-274-0x00000000046D0000-0x00000000046D1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/3880-121-0x00000000001E0000-0x00000000001E1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/3880-117-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/3948-310-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4128-133-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4144-313-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4176-293-0x00000000054E0000-0x0000000005AE6000-memory.dmp
                                                                                    Filesize

                                                                                    6.0MB

                                                                                    Download
                                                                                  • memory/4176-338-0x0000000006A20000-0x0000000006BE2000-memory.dmp
                                                                                    Filesize

                                                                                    1.8MB

                                                                                    Download
                                                                                  • memory/4176-317-0x00000000067A0000-0x00000000067BE000-memory.dmp
                                                                                    Filesize

                                                                                    120KB

                                                                                    Download
                                                                                  • memory/4176-315-0x00000000066F0000-0x0000000006782000-memory.dmp
                                                                                    Filesize

                                                                                    584KB

                                                                                    Download
                                                                                  • memory/4176-341-0x0000000006BF0000-0x000000000711C000-memory.dmp
                                                                                    Filesize

                                                                                    5.2MB

                                                                                    Download
                                                                                  • memory/4176-299-0x0000000000BC0000-0x0000000000BF9000-memory.dmp
                                                                                    Filesize

                                                                                    228KB

                                                                                    Download
                                                                                  • memory/4176-314-0x0000000006630000-0x00000000066A6000-memory.dmp
                                                                                    Filesize

                                                                                    472KB

                                                                                    Download
                                                                                  • memory/4176-311-0x0000000005E50000-0x0000000005EB6000-memory.dmp
                                                                                    Filesize

                                                                                    408KB

                                                                                    Download
                                                                                  • memory/4176-287-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4176-304-0x0000000004FD4000-0x0000000004FD6000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/4176-303-0x0000000004FD3000-0x0000000004FD4000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4176-301-0x0000000004FD0000-0x0000000004FD1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4176-298-0x0000000000860000-0x00000000009AA000-memory.dmp
                                                                                    Filesize

                                                                                    1.3MB

                                                                                    Download
                                                                                  • memory/4176-297-0x0000000004F80000-0x0000000004FCB000-memory.dmp
                                                                                    Filesize

                                                                                    300KB

                                                                                    Download
                                                                                  • memory/4176-289-0x00000000028F0000-0x0000000002924000-memory.dmp
                                                                                    Filesize

                                                                                    208KB

                                                                                    Download
                                                                                  • memory/4176-291-0x0000000004FE0000-0x00000000054DE000-memory.dmp
                                                                                    Filesize

                                                                                    5.0MB

                                                                                    Download
                                                                                  • memory/4176-300-0x0000000000400000-0x0000000000860000-memory.dmp
                                                                                    Filesize

                                                                                    4.4MB

                                                                                    Download
                                                                                  • memory/4176-296-0x0000000004F30000-0x0000000004F6E000-memory.dmp
                                                                                    Filesize

                                                                                    248KB

                                                                                    Download
                                                                                  • memory/4176-295-0x0000000005AF0000-0x0000000005BFA000-memory.dmp
                                                                                    Filesize

                                                                                    1.0MB

                                                                                    Download
                                                                                  • memory/4176-294-0x0000000004EC0000-0x0000000004ED2000-memory.dmp
                                                                                    Filesize

                                                                                    72KB

                                                                                    Download
                                                                                  • memory/4176-302-0x0000000004FD2000-0x0000000004FD3000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4176-292-0x0000000002A80000-0x0000000002AB2000-memory.dmp
                                                                                    Filesize

                                                                                    200KB

                                                                                    Download
                                                                                  • memory/4220-136-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4312-413-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4336-279-0x0000000000400000-0x000000000050A000-memory.dmp
                                                                                    Filesize

                                                                                    1.0MB

                                                                                    Download
                                                                                  • memory/4336-141-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4336-281-0x00000000006C0000-0x0000000000752000-memory.dmp
                                                                                    Filesize

                                                                                    584KB

                                                                                    Download
                                                                                  • memory/4336-276-0x00000000007B6000-0x0000000000806000-memory.dmp
                                                                                    Filesize

                                                                                    320KB

                                                                                    Download
                                                                                  • memory/4336-230-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4372-269-0x0000000004FE0000-0x0000000004FE1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4372-270-0x0000000004FE0000-0x0000000004FE1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4372-268-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4376-143-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4384-254-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4432-146-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4492-149-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4504-420-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4508-150-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4548-171-0x0000000000400000-0x0000000000450000-memory.dmp
                                                                                    Filesize

                                                                                    320KB

                                                                                    Download
                                                                                  • memory/4548-154-0x0000000000400000-0x0000000000450000-memory.dmp
                                                                                    Filesize

                                                                                    320KB

                                                                                    Download
                                                                                  • memory/4548-155-0x000000000041616A-mapping.dmp
                                                                                    Download
                                                                                  • memory/4640-452-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4668-438-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4684-286-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4700-185-0x00000000006E0000-0x0000000000700000-memory.dmp
                                                                                    Filesize

                                                                                    128KB

                                                                                    Download
                                                                                  • memory/4700-191-0x0000000000623000-0x0000000000624000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4700-271-0x0000000007140000-0x000000000715E000-memory.dmp
                                                                                    Filesize

                                                                                    120KB

                                                                                    Download
                                                                                  • memory/4700-189-0x0000000000622000-0x0000000000623000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4700-267-0x0000000006B40000-0x000000000703E000-memory.dmp
                                                                                    Filesize

                                                                                    5.0MB

                                                                                    Download
                                                                                  • memory/4700-266-0x0000000006A90000-0x0000000006B22000-memory.dmp
                                                                                    Filesize

                                                                                    584KB

                                                                                    Download
                                                                                  • memory/4700-199-0x00000000056D0000-0x000000000571B000-memory.dmp
                                                                                    Filesize

                                                                                    300KB

                                                                                    Download
                                                                                  • memory/4700-265-0x0000000006A00000-0x0000000006A76000-memory.dmp
                                                                                    Filesize

                                                                                    472KB

                                                                                    Download
                                                                                  • memory/4700-197-0x0000000000624000-0x0000000000625000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4700-164-0x00000000001F0000-0x00000000001F1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4700-160-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4700-163-0x0000000000400000-0x0000000000532000-memory.dmp
                                                                                    Filesize

                                                                                    1.2MB

                                                                                    Download
                                                                                  • memory/4700-190-0x0000000002B20000-0x0000000002C2A000-memory.dmp
                                                                                    Filesize

                                                                                    1.0MB

                                                                                    Download
                                                                                  • memory/4700-275-0x00000000071E0000-0x0000000007246000-memory.dmp
                                                                                    Filesize

                                                                                    408KB

                                                                                    Download
                                                                                  • memory/4700-288-0x0000000008570000-0x0000000008732000-memory.dmp
                                                                                    Filesize

                                                                                    1.8MB

                                                                                    Download
                                                                                  • memory/4700-173-0x0000000000770000-0x000000000079F000-memory.dmp
                                                                                    Filesize

                                                                                    188KB

                                                                                    Download
                                                                                  • memory/4700-290-0x0000000008740000-0x0000000008C6C000-memory.dmp
                                                                                    Filesize

                                                                                    5.2MB

                                                                                    Download
                                                                                  • memory/4700-188-0x0000000000620000-0x0000000000621000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4700-187-0x0000000002B00000-0x0000000002B12000-memory.dmp
                                                                                    Filesize

                                                                                    72KB

                                                                                    Download
                                                                                  • memory/4700-186-0x0000000005050000-0x0000000005656000-memory.dmp
                                                                                    Filesize

                                                                                    6.0MB

                                                                                    Download
                                                                                  • memory/4700-184-0x00000000006E0000-0x0000000000700000-memory.dmp
                                                                                    Filesize

                                                                                    128KB

                                                                                    Download
                                                                                  • memory/4700-175-0x0000000000740000-0x000000000088A000-memory.dmp
                                                                                    Filesize

                                                                                    1.3MB

                                                                                    Download
                                                                                  • memory/4700-172-0x00000000022C0000-0x00000000022FA000-memory.dmp
                                                                                    Filesize

                                                                                    232KB

                                                                                    Download
                                                                                  • memory/4700-198-0x0000000005660000-0x000000000569E000-memory.dmp
                                                                                    Filesize

                                                                                    248KB

                                                                                    Download
                                                                                  • memory/4708-242-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4748-312-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4776-176-0x0000000000400000-0x000000000044C000-memory.dmp
                                                                                    Filesize

                                                                                    304KB

                                                                                    Download
                                                                                  • memory/4776-166-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4808-263-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4812-363-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4880-277-0x00000000009F0000-0x0000000000A5B000-memory.dmp
                                                                                    Filesize

                                                                                    428KB

                                                                                    Download
                                                                                  • memory/4880-280-0x0000000000E90000-0x0000000000F5E000-memory.dmp
                                                                                    Filesize

                                                                                    824KB

                                                                                    Download
                                                                                  • memory/4880-282-0x0000000000400000-0x00000000008A0000-memory.dmp
                                                                                    Filesize

                                                                                    4.6MB

                                                                                    Download
                                                                                  • memory/4880-255-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4888-429-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4916-257-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4916-260-0x0000000000020000-0x0000000000021000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4916-259-0x0000000000020000-0x0000000000021000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4928-247-0x00000000013C0000-0x0000000001AB3000-memory.dmp
                                                                                    Filesize

                                                                                    6.9MB

                                                                                    Download
                                                                                  • memory/4928-251-0x00000000013C0000-0x0000000001AB3000-memory.dmp
                                                                                    Filesize

                                                                                    6.9MB

                                                                                    Download
                                                                                  • memory/4928-250-0x00000000013C0000-0x0000000001AB3000-memory.dmp
                                                                                    Filesize

                                                                                    6.9MB

                                                                                    Download
                                                                                  • memory/4928-249-0x00000000013C0000-0x0000000001AB3000-memory.dmp
                                                                                    Filesize

                                                                                    6.9MB

                                                                                    Download
                                                                                  • memory/4928-248-0x00000000777D0000-0x000000007795E000-memory.dmp
                                                                                    Filesize

                                                                                    1.6MB

                                                                                    Download
                                                                                  • memory/4928-244-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4968-228-0x0000000007A60000-0x0000000007A61000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4968-222-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-214-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-178-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/4968-215-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-213-0x0000000007BC0000-0x0000000007BD5000-memory.dmp
                                                                                    Filesize

                                                                                    84KB

                                                                                    Download
                                                                                  • memory/4968-218-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-183-0x0000000000610000-0x0000000000611000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4968-220-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-216-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-205-0x0000000007A70000-0x0000000007A7F000-memory.dmp
                                                                                    Filesize

                                                                                    60KB

                                                                                    Download
                                                                                  • memory/4968-223-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-200-0x00000000022B0000-0x00000000022B1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4968-224-0x0000000009720000-0x0000000009724000-memory.dmp
                                                                                    Filesize

                                                                                    16KB

                                                                                    Download
                                                                                  • memory/4968-196-0x0000000007400000-0x00000000076E0000-memory.dmp
                                                                                    Filesize

                                                                                    2.9MB

                                                                                    Download
                                                                                  • memory/4980-208-0x00000000000F0000-0x00000000000F1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4980-207-0x00000000000F0000-0x00000000000F1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/4980-206-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5016-221-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5068-285-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5100-262-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5252-330-0x00000000001F0000-0x00000000001F1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/5252-320-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5252-323-0x0000000001820000-0x0000000001821000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/5252-324-0x0000000000400000-0x00000000015D7000-memory.dmp
                                                                                    Filesize

                                                                                    17.8MB

                                                                                    Download
                                                                                  • memory/5316-321-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5400-359-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5532-327-0x000001E348DE0000-0x000001E348DE2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5532-326-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5532-328-0x000001E348DE0000-0x000001E348DE2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5604-405-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5616-331-0x000002106F820000-0x000002106F822000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5616-332-0x000002106F820000-0x000002106F822000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5616-329-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5656-478-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5688-335-0x00000242D3140000-0x00000242D3142000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5688-333-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5688-334-0x00000242D3140000-0x00000242D3142000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5788-446-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5856-343-0x00000177000E0000-0x00000177000E2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5856-337-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5856-347-0x00000177000E0000-0x00000177000E2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5856-336-0x000001774C4A1000-0x000001774C4A2000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/5856-346-0x00000177000E0000-0x00000177000E2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5856-340-0x00007FF8226C0000-0x00007FF8226C1000-memory.dmp
                                                                                    Filesize

                                                                                    4KB

                                                                                    Download
                                                                                  • memory/5856-345-0x00000177000E0000-0x00000177000E2000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5876-344-0x000001D2D4A60000-0x000001D2D4A62000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5876-339-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5876-342-0x000001D2D4A60000-0x000001D2D4A62000-memory.dmp
                                                                                    Filesize

                                                                                    8KB

                                                                                    Download
                                                                                  • memory/5896-369-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/5908-362-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/6000-374-0x0000000000000000-mapping.dmp
                                                                                    Download
                                                                                  • memory/6112-353-0x000000000044022C-mapping.dmp
                                                                                    Download
                                                                                  • memory/6112-352-0x0000000000400000-0x0000000000495000-memory.dmp
                                                                                    Filesize

                                                                                    596KB

                                                                                    Download