Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
1098s -
max time network
1100s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
24/09/2022, 11:55
General
-
Target
ExLoader_Installer.exe
-
Size
9.0MB
-
MD5
ce760649f94dfca36358201a735740b3
-
SHA1
b76f4bfd7e98c7f117571021c2e3e8e935b901c8
-
SHA256
d54d4095087a0cf8a194b89593b85a7df31d4fccdabfa5f5a592643028654d87
-
SHA512
0d27d77fb2776a02cf04d1feb40394ea6f580406ee572c60b91461d0a38f3ff5d0106eb740083bfb0c100ece3189ad657a50376144607590d4990328f84025c2
-
SSDEEP
196608:IHmiehP7tSzS28SHWJkvP+eSt1NJUFP09esGAYtGAlAdXCY3rDhNG/:IGFFt4npnCt1NJASOAYtGAlAQWrDhm
Score
8/10
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 18 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Adds Run key to start application 2 TTPs 64 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 64 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in System32 directory 64 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates processes with tasklist 1 TTPs 18 IoCs
-
Enumerates system info in registry 2 TTPs 5 IoCs
-
Kills process with taskkill 3 IoCs
-
Modifies data under HKEY_USERS 64 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 2 IoCs
-
Suspicious use of SendNotifyMessage 11 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"C:\Users\Admin\AppData\Local\Temp\ExLoader_Installer.exe"1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"2⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time4⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"4⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"4⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"4⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "exloader.exe\"" /FO CSV3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq exloader.exe" /FO CSV4⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"C:\Users\Admin\Desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"3⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Program Files\ExLoader\ExLoader.exe"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader3⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid4⤵
- Suspicious use of WriteProcessMemory
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid4⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "csgo.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq csgo.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitclient.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitclient.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitservice.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitservice.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 0D756077321A70C3E844C138CE9815814⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 0D756077321A70C3E844C138CE9815815⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {01db25f3-1b76-4d97-88c8-1c90634d88fb}4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {01db25f3-1b76-4d97-88c8-1c90634d88fb}5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\taskkill.exe /f /im csgo.exe4⤵
-
C:\Windows\System32\taskkill.exeC:\Windows\System32\taskkill.exe /f /im csgo.exe5⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exe4⤵
-
C:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exeC:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exe5⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.42\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
- Suspicious use of AdjustPrivilegeToken
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.762\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.832\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.3079\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.4053.0\atl80sp1_kb973923.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.4053\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.5592\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86\8.0.50727.6195\vcredist.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.21022.8.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.21022.8\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.21022.218\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30411.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.1.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.1\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.17\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.4048\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.4148.0\atl90sp1_kb973924.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.4148\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86_False\9.0.30729.5570\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x86\9.0.30729.6161\vc_red.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2010_x86_False\10.0.30319.1\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2010_x86\10.0.40219.473\vc_red.msi" /qn6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86.exe" /quiet /uninstall -burn.unelevated BurnPipe.{73D3CEF3-49E9-4792-BACD-C854F2E3D316} {DE3B4955-4FF1-45B9-96A0-8CDE9FC4FAB9} 45647⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86_eng.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x86_eng.exe" /quiet /uninstall -burn.unelevated BurnPipe.{DEF95577-A32D-48F0-8CA1-3E41DB261525} {8336E679-22F4-4C35-AF03-89E6A9890158} 16047⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86\11.0.61030.0\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{E21674A6-0795-47C5-8A10-79F56812C4A4} {67BF2D21-F205-472F-AD30-5572DE668725} 30287⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.61030.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.61030.0\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.61030.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.61030.0\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{2BE8C2B8-B2C8-4F47-8F81-A23256566A95} {18060CBA-1B7F-4774-8E5A-9F981FC653EA} 24367⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{333B8C70-7932-488D-92A5-851B1E683481} {12236ED5-9DD3-479F-8973-BDB5B670ECEC} 11367⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.60610.1\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{D9BB05F5-769E-4208-AB84-07C85F5B5740} {36581580-5331-494E-8104-30E0A1B8260A} 37407⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{F805861A-B28A-433F-BB48-47DC488630B9} {1D81CAB8-416D-4F70-A3E2-1F1E48CD4914} 55007⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False\11.0.51106.1\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{143212B5-D69B-4438-9C4B-BF0995D566A6} {29A883EF-7842-4C97-9D84-A7EEDC7BD761} 35847⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{A9234570-DE98-4178-B969-AA3BA1A27E4E} {EAB13D34-7BAE-45BB-B680-D363E30F7BD0} 40767⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x86_False_v\11.0.50727.1\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{909CC958-02ED-4E30-996C-9E0FC6F85FDA} {8197A7B2-4C18-45B2-9876-F7C4125E804B} 23647⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86.exe" /quiet /uninstall -burn.unelevated BurnPipe.{A09A4C57-36ED-47CE-8543-5844B8B2C811} {4C16AAA3-F7E6-406B-93F1-4B7CC0323E33} 59407⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86_eng.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x86_eng.exe" /quiet /uninstall -burn.unelevated BurnPipe.{5DEE121C-5FBB-4837-9C07-8EA288307262} {F5A4283D-EE4B-46F2-988E-78842D372F4C} 51407⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{E30D8B21-D82D-3211-82CC-0F0A5D1495E8}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86\12.0.40664.0\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{F6283E82-74F4-42B0-ADDE-4B117EFDC8DF} {FF0E0311-F67B-45D6-B9D3-9CE16D4515DE} 53647⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40664.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40664.0\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40664.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40664.0\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{F42FC80A-CB0B-4AAF-8C5C-8703B04E515E} {5F859AAB-6E62-40DA-8174-694187F30B71} 34727⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x86\14.20.27508.1\vcRuntimeMinimum_x86\vc_runtimeMinimum_x86.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x86\14.20.27508.1\vcRuntimeAdditional_x86\vc_runtimeAdditional_x86.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x86\14.20.27508.1\VC_redist.x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x86\14.20.27508.1\VC_redist.x86.exe" /quiet /norestart6⤵
-
C:\Windows\Temp\{C55C1B98-C725-4556-B534-0BA7D51A6762}\.cr\VC_redist.x86.exe"C:\Windows\Temp\{C55C1B98-C725-4556-B534-0BA7D51A6762}\.cr\VC_redist.x86.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x86\14.20.27508.1\VC_redist.x86.exe" -burn.filehandle.attached=540 -burn.filehandle.self=648 /quiet /norestart7⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.42\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.762\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.832\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.3079\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.4053.0\atl80sp1_kb973923.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.4053\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64_False\8.0.50727.5592\vcredist.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x64\8.0.50727.6195\vcredist.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.21022.8.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.21022.8\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.21022.218\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30411.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.1.0\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.1\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.17\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.4048\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.4148.0\atl90sp1_kb973924.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.4148\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64_False\9.0.30729.5570\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2008_x64\9.0.30729.6161\vc_red.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2010_x64_False\10.0.30319.1\vc_red.msi" /qn ARPSYSTEMCOMPONENT=16⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2010_x64\10.0.40219.473\vc_red.msi" /qn6⤵
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64.exe" /quiet /uninstall -burn.unelevated BurnPipe.{E1877EC9-409C-4150-959E-8D601FF73835} {E8FD98B4-0CB9-41CF-B02E-E8C1A612A626} 28487⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64_eng.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp7\vcredist_x64_eng.exe" /quiet /uninstall -burn.unelevated BurnPipe.{0FA619E1-2918-41EB-9554-05CDAAD3ED32} {6F27F0F6-F6C2-4E08-B9B0-4FAA71BAD394} 10807⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64\11.0.61030.0\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{C5CCCF1E-1177-4F9F-8372-2035A2CEA6DE} {DF55F23D-1753-4291-9D1B-E9A8C166D49E} 53407⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.61030.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.61030.0\vcredist_x64_eng.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.61030.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.61030.0\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{24087808-DCB1-488B-852D-A566040B3EA8} {3B0271A3-81FF-4CE6-A06E-2969B2F8D9B5} 58087⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{3C766DDD-5CF3-4357-9C52-7769BB596C04} {E7DDCE76-BB86-4451-8E45-2F51B3AF241A} 45487⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.60610.1\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{8A4D07F5-4A2E-462A-B880-C8C79A1C0F17} {3CD4EB31-9ED4-4CF2-B8EC-B3AB14E2FF61} 39247⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{B5733687-963B-4BC5-B1C5-FE78B51F56AC} {E00C38A4-6DAE-4E01-96FB-7F513E62142F} 42927⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False\11.0.51106.1\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{4D704AC9-AF97-42E7-8094-023594DB1AD1} {618E97B6-2AB5-41ED-B529-1CE5045870D4} 14767⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{40DA05A0-FB76-47A8-8F01-E52FC47C145B} {E2821176-3B10-429D-BFF3-FDC74E3C0CD4} 31807⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2012_x64_False_v\11.0.50727.1\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{10AB0AF4-EECB-4CE6-A098-0A9729DE35BA} {5678BEE3-3B76-4CC3-8232-B4748D657D8A} 21967⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64.exe" /quiet /uninstall -burn.unelevated BurnPipe.{E59080A3-9750-454A-AC81-B1DBDE8B37CA} {F5EE38DA-80C9-4DC9-B697-8CA3BECE788B} 4407⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64_eng.exe" /quiet /uninstall6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\nsi.tmp5\vcredist_x64_eng.exe" /quiet /uninstall -burn.unelevated BurnPipe.{7572AE33-752E-4276-A084-1D32CAC86E66} {7A1C22F7-A18B-45F7-8911-DBD2F1DB2313} 56207⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /x "{CB0836EC-B072-368D-82B2-D3470BF95707}" /qn6⤵
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcredist_x64.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64\12.0.40664.0\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{D6AE6835-83C4-4AE2-BD80-2574756997AC} {647ED61B-0C25-409F-923E-1D279C9A22B6} 51127⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40664.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40664.0\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40664.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40664.0\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{B5AED75C-69D0-463B-8143-643CDC35F182} {C26C14F2-1331-48A8-8A70-BB300A626CDC} 49847⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{C114BA11-6ADA-496B-B8C8-602D152A445D} {5C1B872F-4062-4A45-B5A2-323F650D25AA} 55767⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40660.0\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{84DC10D9-29FD-4232-9998-39688E9E796E} {4E6B2842-CCB3-43CC-932F-E2CD7C81A45D} 11367⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{56859A90-8CEF-4246-88B5-A301FE18369E} {15BD5E04-B9B1-48E6-8EB7-774292613FA3} 6647⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40660.0\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{8C49A274-0C78-4720-A2AD-CA80E7F3DA42} {70214516-1033-4436-A725-42F77F053B96} 55247⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{F88B6120-DA42-46DC-BAE1-8034FBE39F58} {594BB756-0583-4F70-B71E-162A188097C7} 55007⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.40649.5\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{66B24D59-2B8F-4AF8-B1FA-B891DC427EE6} {4D792291-E0C9-4B0A-A93F-B223646921E1} 55607⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{CDC90C4C-AE21-48C0-BA5B-1CD8CE12E205} {3CF31A02-970F-4772-AA5D-93F54ABCC2EC} 42727⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86_eng.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.40649.5\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{07DB70D2-40B2-47FA-B889-6F9553E06F66} {48753C8E-0EF8-48F7-814D-2A6614931215} 60647⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{BC90A545-D3B3-4222-B80A-91C6D7586E7A} {829DAF3E-273C-48DA-A699-259A003D5ED4} 55527⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.30501.0\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{2B1C7AEC-6863-4ADD-9E57-61C155577FC9} {AB1DBB0B-04BD-4AB4-ABEE-07B5414E05FD} 50607⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{1162390E-0E38-4A4C-B9BC-A6ECBC9470DA} {F0B09D77-13D1-4B73-B38C-FC00ED48A05E} 59687⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.30501.0\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{17CCE670-D046-4C65-AAB1-4348B3ECB796} {6D493528-04B8-414F-B991-CF65B6F07670} 56447⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64.exe" /quiet /norestart6⤵
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64.exe" /quiet /norestart -burn.unelevated BurnPipe.{505CAA6D-E5B0-4041-B3B8-BACF450BB1AC} {18844A64-5E68-42F6-BA3D-53D1848E1CF3} 19127⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x64_False\12.0.21005.1\vcredist_x64_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{9FAAFA47-8E89-47F3-8523-5434D91C8758} {0B2A82A2-0D99-405C-A880-37735EA814BE} 57167⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86.exe" /quiet /norestart -burn.unelevated BurnPipe.{C53E3665-8968-4874-8F9B-B455523906F5} {1B91C4B3-5D56-41A5-A7BD-A7895E71172B} 46807⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86_eng.exe" /quiet /norestart6⤵
- Adds Run key to start application
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86_eng.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2013_x86_False\12.0.21005.1\vcredist_x86_eng.exe" /quiet /norestart -burn.unelevated BurnPipe.{A6A0BFA1-3131-47AD-8322-83C0256C3C9E} {64596E87-D24A-488A-AEFB-0D49861F29E3} 31447⤵
-
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x64\14.20.27508.1\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x64\14.20.27508.1\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msi" /qn6⤵
- Enumerates connected drives
-
-
C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x64\14.20.27508.1\VC_redist.x64.exe"C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x64\14.20.27508.1\VC_redist.x64.exe" /quiet /norestart6⤵
-
C:\Windows\Temp\{B52CD302-B3A3-487E-80D0-0104D9AB1158}\.cr\VC_redist.x64.exe"C:\Windows\Temp\{B52CD302-B3A3-487E-80D0-0104D9AB1158}\.cr\VC_redist.x64.exe" -burn.clean.room="C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2019_x64\14.20.27508.1\VC_redist.x64.exe" -burn.filehandle.attached=544 -burn.filehandle.self=552 /quiet /norestart7⤵
-
-
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "csgo.exe\"" /FO CSV4⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq csgo.exe" /FO CSV5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitclient.exe\"" /FO CSV4⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitclient.exe" /FO CSV5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitservice.exe\"" /FO CSV4⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitservice.exe" /FO CSV5⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 62DBF9290209B993A9A757D1160F9B244⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 62DBF9290209B993A9A757D1160F9B245⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 438E4D7EBE39F1538BBF28DCEA2603304⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 438E4D7EBE39F1538BBF28DCEA2603305⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 7C9F8B73BF303523781852719CD9C7004⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 7C9F8B73BF303523781852719CD9C7005⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f a4cab25097f64d640a42c11e4b7fc34d4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f a4cab25097f64d640a42c11e4b7fc34d5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {35459b22-19a6-44ec-8d34-27eb3131acac}4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {35459b22-19a6-44ec-8d34-27eb3131acac}5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f Microsoft.VS.VC_RuntimeAdditional_x86,v114⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f Microsoft.VS.VC_RuntimeAdditional_x86,v115⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {0f12c81f-93ef-46ec-bc94-d952c1a775d4}4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {0f12c81f-93ef-46ec-bc94-d952c1a775d4}5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {f65db027-aff3-4070-886a-0d87064aabb1}4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {f65db027-aff3-4070-886a-0d87064aabb1}5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\taskkill.exe /f /im csgo.exe4⤵
-
C:\Windows\System32\taskkill.exeC:\Windows\System32\taskkill.exe /f /im csgo.exe5⤵
- Kills process with taskkill
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
- Adds Run key to start application
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV4⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV5⤵
- Enumerates processes with tasklist
-
-
-
C:\Program Files\ExLoader\ExLoader.exe"C:\Program Files\ExLoader\ExLoader.exe"4⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV5⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "csgo.exe\"" /FO CSV5⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq csgo.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitclient.exe\"" /FO CSV5⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitclient.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitservice.exe\"" /FO CSV5⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitservice.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 6138DFD21FE9012309C8C46B91161CCA5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 6138DFD21FE9012309C8C46B91161CCA6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f F90E4FA5B9C5FAA37B1345D4D38C12DD5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f F90E4FA5B9C5FAA37B1345D4D38C12DD6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 8520DAD7C5154DD39846DB1714990E7F5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 8520DAD7C5154DD39846DB1714990E7F6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 3e43b73803c7c394f8a6b2f0402e19c25⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 3e43b73803c7c394f8a6b2f0402e19c26⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {95716cce-fc71-413f-8ad5-56c2892d4b3a}5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {95716cce-fc71-413f-8ad5-56c2892d4b3a}6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {050d4fc8-5d48-4b8f-8972-47c82c46020f}5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {050d4fc8-5d48-4b8f-8972-47c82c46020f}6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {8e70e4e1-06d7-470b-9f74-a51bef21088e}5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {8e70e4e1-06d7-470b-9f74-a51bef21088e}6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f Microsoft.VS.VC_RuntimeAdditional_amd64,v115⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f Microsoft.VS.VC_RuntimeAdditional_amd64,v116⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\NET Framework Setup\NDP\v4\Full" /v Release6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\taskkill.exe /f /im csgo.exe5⤵
-
C:\Windows\System32\taskkill.exeC:\Windows\System32\taskkill.exe /f /im csgo.exe6⤵
- Kills process with taskkill
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV5⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
-
-
C:\Program Files\ExLoader\ExLoader.exe"C:\Program Files\ExLoader\ExLoader.exe"5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString7⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString7⤵
-
-
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV6⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV7⤵
- Enumerates processes with tasklist
-
-
-
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate4⤵
-
-
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
-
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=03⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies system certificate store
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.20 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2e4,0x2cc,0x74ae3fc8,0x74ae3fd8,0x74ae3fe44⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --initial-pid=3116 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20220924135632" --session-guid=7b9e3c8c-6927-4230-ba2a-d1005c7688d1 --server-tracking-blob="OTFlZDY3MmNjMGVkOTBhN2E5MTdkMDkxOTRjOGJiZjRiZTkxMzhiYzAyMjhmODFjYzMxZmE2NzY5OWFiMDA5ZDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwidGltZXN0YW1wIjoiMTY2NDAyMDU4Ny4zODc0IiwidXNlcmFnZW50IjoiRGFydC8yLjE4IChkYXJ0OmlvKSIsInV0bSI6eyJjYW1wYWlnbiI6Ik9MRF9fMTgyMjZhIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiJjMDVmOTc2NS1mNGUxLTQwZTgtOGEzYi0yZTU0ZDZhY2RkNTIifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C050000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.20 --initial-client-data=0x2e4,0x2f4,0x2f8,0x2c0,0x2fc,0x72853fc8,0x72853fd8,0x72853fe45⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\installer.exe" --backend --initial-pid=3116 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321" --session-guid=7b9e3c8c-6927-4230-ba2a-d1005c7688d1 --server-tracking-blob="OTFlZDY3MmNjMGVkOTBhN2E5MTdkMDkxOTRjOGJiZjRiZTkxMzhiYzAyMjhmODFjYzMxZmE2NzY5OWFiMDA5ZDp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwidGltZXN0YW1wIjoiMTY2NDAyMDU4Ny4zODc0IiwidXNlcmFnZW50IjoiRGFydC8yLjE4IChkYXJ0OmlvKSIsInV0bSI6eyJjYW1wYWlnbiI6Ik9MRF9fMTgyMjZhIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiJjMDVmOTc2NS1mNGUxLTQwZTgtOGEzYi0yZTU0ZDZhY2RkNTIifQ== " --silent --desktopshortcut=1 --install-subfolder=91.0.4516.215⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\installer.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ffbbb558dd0,0x7ffbbb558de0,0x7ffbbb558df06⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe"C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized6⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher7⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7ffbb4781a10,0x7ffbb4781a20,0x7ffbb4781a308⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 --field-trial-handle=1864,i,5395580843561567246,8449393681155211577,131072 /prefetch:28⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=1948 --field-trial-handle=1864,i,5395580843561567246,8449393681155211577,131072 /prefetch:88⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\_sfx.exe"4⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202209241356321\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.16 --initial-client-data=0x280,0x284,0x288,0x25c,0x28c,0xa18748,0xa18758,0xa187645⤵
- Executes dropped EXE
-
-
-
-
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid1⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7ffbb4781a10,0x7ffbb4781a20,0x7ffbb4781a302⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=1852 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=2304 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=2740 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3080 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3096 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3108 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3120 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3356 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3364 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4380 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4388 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4428 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4436 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4784 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=4896 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=5160 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5276 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=5344 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=5448 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5512 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=5556 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6112 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6544 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6424 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6484 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c12⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6416 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=5136 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6548 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6572 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6556 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6408 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6580 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6604 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6780 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3352 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=4136 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=5148 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --mojo-platform-channel-handle=3132 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3916 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=7304 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8756 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8788 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --mojo-platform-channel-handle=9092 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8268 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=3360 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=9404 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8848 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6452 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=6400 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=4200 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8616 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8216 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
- Executes dropped EXE
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8164 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=7804 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --mojo-platform-channel-handle=8060 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:82⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:booking-modal=off --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:in-house-autocomplete-send=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=GROW-2648-variant9:GROW-2648 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --mojo-platform-channel-handle=8788 --field-trial-handle=1956,i,7032887320731400096,10712071787371986739,131072 /prefetch:12⤵
- Checks computer location settings
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe" --edition --host=https://autoupdate.geo.opera.com/ --installationdatadir="C:\Users\Admin\AppData\Local\Programs\Opera" --installdir="C:\Users\Admin\AppData\Local\Programs\Opera" --lang=en-US --pipeid --producttype --requesttype=shutdown --version=91.0.4516.21 --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --firstrunver=91.0.4516.21 --firstrunts=1664027828 --consent-info=eyJzdGF0aXN0aWNzX2NvbGxlY3Rpb25fZW5hYmxlZCI6dHJ1ZSwidXNlcl9leHBlcmllbmNlX21ldHJpY3NfcmVwb3J0aW5nX2VuYWJsZWQiOnRydWV92⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff7a7732718,0x7ff7a7732728,0x7ff7a77327383⤵
-
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff7a7732718,0x7ff7a7732728,0x7ff7a77327381⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exeC:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=91.0.4516.21 --newautoupdaterlogic1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version2⤵
-
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask2⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\91.0.4516.21\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=91.0.4516.21 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7a7732718,0x7ff7a7732728,0x7ff7a77327383⤵
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version3⤵
-
-
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding E8AA8DDC297C8B3CCBAD66DD069116812⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 79FA6FDB3DD3699091C53888363C8EBD2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding BDD65B2FE6E0D0F8C391F8B38B4270BD2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 70F128A305B74088BA893B1064BDB5522⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 180F12D5F96E14569635B4D048B200472⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0E82773B90A106CDF1778E99E58659642⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 633799539578FD7EC204279C4B8881202⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding C3B06B7EA52D69D9764BFCD5200F33932⤵
-
-
\??\c:\Windows\syswow64\MsiExec.exec:\Windows\syswow64\MsiExec.exe -Embedding 4F2408BC9934359914A70DAF51EC01B32⤵
-
-
\??\c:\Windows\syswow64\MsiExec.exec:\Windows\syswow64\MsiExec.exe -Embedding 6E5FEDEB0ADB2E438C2BFDA9B9CB233A2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 9C883880EBC76D5831433BC46EDB0DDD2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding A7BDBE9415D1BE46D30F24507B25340F2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 087BFBF06749D0CD21A02D362F4F064D2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1FAD307F849D46DDEF01FA7CA7AEE0382⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 1CB6CA0D7672D12D30849B806A19532D2⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0E33963C23CA44F07A201FBA7BBFD2952⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 0FF83BF563C03413F33711B9159487802⤵
-
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 51E08D8F4778BC2C18DCF91F0984257C2⤵
-
-
\??\c:\Windows\System32\MsiExec.exec:\Windows\System32\MsiExec.exe -Embedding 0160A308C63A7FEFD843133F9CDF12B22⤵
-
-
\??\c:\Windows\System32\MsiExec.exec:\Windows\System32\MsiExec.exe -Embedding 591C2E502588E8DD334953383AA1EC742⤵
-
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
198KB
MD5e3e0ed49525ef464febcd950614d8f51
SHA1cfb6fa3685d60be50160366aa828a849cb8776b6
SHA256194cbdac9a7587d7f824e6bf2f782963b65532142eea5ec53b5d475dbc5dc6c9
SHA512bca835ed8e5fb14574d148caee270b398c1d63995a0a8a64f82e361ac6e8377d51ce902aec7ffacfb6c00ae1582b63324fe57cdb155037b4830700209d0a48b6
-
Filesize
198KB
MD5e3e0ed49525ef464febcd950614d8f51
SHA1cfb6fa3685d60be50160366aa828a849cb8776b6
SHA256194cbdac9a7587d7f824e6bf2f782963b65532142eea5ec53b5d475dbc5dc6c9
SHA512bca835ed8e5fb14574d148caee270b398c1d63995a0a8a64f82e361ac6e8377d51ce902aec7ffacfb6c00ae1582b63324fe57cdb155037b4830700209d0a48b6
-
Filesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
Filesize
12.9MB
MD5648cbc045cc5e3200f186c6bbab623dd
SHA1e6d0dfaeb1f38b0c11f22723bba0dbaf6ae1cd4c
SHA2562f9a78e5a9652c831951467901cf1b4fe21140be914c7056ab7521f721b0f941
SHA51245426507b9f5defb64ce9bc3f4f2fab26e4a5725cac8aea59978ab187fd9a8f1d176fba6dff975a932955a0a8f2acb9283603f33f0fb12e4debc40119fec9013
-
Filesize
14KB
MD552ad5cc49021424359d4d5e4d3678021
SHA119924abbd6f83e6012bfcf9fc2777551c662b3ed
SHA256ddae0aefdc781f2675357f4f7f7c2ca5483f828ebf0aba44b3956cdd09a0c078
SHA5125d7ea29a47a02217a5f571530ede425b07d28eb282591c84a873646ac873e13cadc9228daded8e17d3afab7b67961724d261903380176f563314e3b0be8a9b3e
-
Filesize
541B
MD5207cb008b22eb824caab114233ec6e2a
SHA1d957e89dd778129368ed48b4bcaa0453b36b1688
SHA25694154480f043fda7c0987bf247e8ece44458cb3e9e17d2c6bade2ece30f219cc
SHA512c633356b9a202e5d4aa9e50960d3a9bff7095995823af2d9d6528d765d67090592fda4496b0674c85b6f04a8df4abc4b81266da00a5c48e010995867d49675eb
-
Filesize
1.5MB
MD595db9098c58fd6db106f1116bae85a0b
SHA199c98dac2ef47bf393f3dcbfa79120c6456c2ebb
SHA25606e81144996425d00162ba62f990dcbd98ec87e10f43851fd924fae5bf37be57
SHA512b1d64cde416e23f5ab90d91dafd1c8009d399df715c8e37abfbe882036b93afa1f5f87d99620c24c38c6665010ad5f2ab753443c41dff7117f3def06fd3b4832
-
Filesize
255KB
MD588932dadc42e1bba93b21a76de60ef7a
SHA13320ff5514b32565b0396de4f2064ce17ec9eea4
SHA256c4c8cb572a5a2c43d78b3701f4b2349684e6ca4d1557e469af6065b1e099c26c
SHA512298e1e171dbbe386e1abe153446b883c40910819099f64f54dc9faa95d739be56839537342bbe8dd8408545cb1f8c98878a3524d91af1f11a112d1bfc202657a
-
Filesize
254KB
MD5a98626e1aef6ceba5dfc1ee7112e235a
SHA1ca42fe10fa893f390472859405c7564095e4260f
SHA25692b3d3c6e135eb1dc95f88e6ca75bd6113d9eb3261a95ca39f733e3897e53675
SHA51281761cd87aece3cea03b4520d8c7518f8d549d8e91cce2a4a4752729e7a28ad4b502472731a06f7051f357bfa1042640a5e7592887b1c3914de0dfe230ef882c
-
Filesize
254KB
MD5c88cecbffad6d8e731fd95de49561ebd
SHA14ef29a9163b56df34a3486b98b24be3a3d0cdca6
SHA256bab583d38d105dac9141b287fb2b7763b6d8b0bae97e745faaccedb40a579c29
SHA512d514f33af50e74906617f8a9bb91e91f11a3ad3387f262c78804252df284e860d9d61d0bb4a61b60f122a00749824957bf53e8c308d7a53b722e7b88777c791d
-
Filesize
1KB
MD59cc12b49b54979a31d5222114ff7c880
SHA1aa4894e9a3f756921697f45d8e819ee5c1510f1c
SHA25681eeb21e6fa6d5245f8bb90a080603738e167d381f67aeef0f2a672d3cce5786
SHA5121e26694d57bcc2e4a902fe451f2408527bd90fd4068cb129486ceffb5bea9de6a0b48a844fbc1b40e057f62b173438ea03f88d01439015ce2dc0b415b387de31
-
Filesize
495B
MD5860f8d49c488b32bb5739c471118c252
SHA1b67ce2dd5cf0fd6ce24d6b187150d4a505981aec
SHA2567ad62864a719bf6a2121fd4b7825c608d88d3ecc3616291b141ff21e3e4b2d0d
SHA5123ee573e5c5eecdf40b054d07017e7673dd31ef83a8ceb26212989cc197116d9952863d407af13e210027b77ea090c8afbcb6412aacac20e996a0889f66e0845c
-
Filesize
988B
MD57b9aa21505f509102849e9741b12a5f4
SHA1b7c7ede42d3959fe6484c89206bf761627f508a8
SHA2567b9ba510b5903dbb9b72454a3ea08b2eed41aa0aa497779be14aea1121159a1e
SHA51218b6aa814e9fba04d6dc5c9ecb322281ac5521392da44c7389531adeec353362a78b1dbf440f42774747510846ddaeb46c5b3b43204cceca66c46841b3d3e858
-
Filesize
1KB
MD5e5b1dd7ec4af2485d699892838373674
SHA1b732f6ddf5e1c0676bd4de3ab45b3f8869b457c4
SHA2561c1eeae8816502f2f04563af081002ead84e934c1cc24d483a0565f165a9d222
SHA51218830793a56759ba094fd1fe87315a748d96d650db52323143ab9dabdde3454b76b37436547a5085b8f02c58d143eccb797529485c91b8d65192fd48327bbbb7
-
Filesize
1KB
MD504c67a78e57fe41814a4e5377ee59aa5
SHA1b6fdf3673d8b4265f5be0ccb96c2d47cca3bf2b9
SHA25608a09fc49daf5938395087eb5dde519043aee6f2474ddf30d1af42a6428bc580
SHA5125c16751df901ffd98c61ca30fb67538dbb6b72946f901eaa0bca0896ab56b83bcda7f0e115b38f0ac1b0c85aa63948ac40116d643c756473d82fa4abb45f83d4
-
Filesize
361B
MD5b27ac70f81b9b2fd4354a36302762184
SHA1599acb44c0e534c373df84878b32685254127b7c
SHA2567498275739335d72f1553ac6da40ba121f36d5374383895e7e9ea77a946d6116
SHA5125e7348bf09baee5d685875ede0a881f08468c55d83188c299e0f0b27e5ff31099c289abb1fe70501bab19af4b21b6793adf97ab082e94ecacfc601057a6277ec
-
Filesize
2KB
MD5a6a49eb50acda68193097b384021d5bd
SHA1261e1d9b2450b27678c63d5bedf4513bd6582d70
SHA25625a2d2ae45fe4b903e5a9880ab16fd1d977d58cad899a2ad06264ce809c860d3
SHA512a726a16281c19b940c798ce675c73a77ca1bcbdc3813d9aa7f289ccea37e52ac9baced968ed3f85dbaf0cd75860c6af0bd235733140db29bb7b8a2236711f960
-
Filesize
299B
MD548136cdde28ef3bd42836d10a06b43fb
SHA1623781c566c4cf19d0139b8036ce3bb5b076aa85
SHA2564209cfea7eadb13b87a41dd79083b20aff8830ac3701d85eba9d939dc5b57af3
SHA512ba16dafcab39d4fa8c0295e0f4707284a0f8c90333ee5b6135fd2ddd76f9a9920c40e5cbb730a1cb5a809228d6dbf6f5ad797d9d1e2c783dcea066bbb2a23c55
-
Filesize
3KB
MD5fcca5b3c13e7069f276eb21f3dfb75de
SHA173d7022d1def2a856b26765d036426178f29559a
SHA256f2268c760778dd5dfd57f7678fe60708e8e0f271fc7859c66e15d4be10c4a019
SHA512583a5e4b88cb304f4025b4381de07856bafea8e11308ae8d3c01f81391ddcff85a63097277d315cbbf6809efca2dd16d24a82975de61b28d5e3d7a7d5f6caead
-
Filesize
2KB
MD589e3d8fb40d8aefccf9db8b2191fe839
SHA1b18c68d1e1236d0e4516f73e9893e9d62dcd80b8
SHA2563549a710377aca99691cec4cd9bd01597ba769d2cf4a8ee8666c9d95490f9811
SHA51230235fe1c649f8a8347ff9e0d3af296efb3813bed5466afa521b15925508f7db7aa6888c81617345e89eb42a1fed2db6be6ef7194fbf4b4ff6d4c6da7baf19e5
-
Filesize
752B
MD562b10d52595f974207c3cf61fea334bf
SHA1c3f6a48cff2e3bf92ba0a7a22917bdd9f277523b
SHA25677902ca35bed519645858f14270a367ae0afb0cb1cc353e648ff0dd90857fc3a
SHA512d805c7d086c21450b2566f8da178cd4b7cdc0dcff86fd82309144c8e47e9b027713e4ac358a273c70a23b13ea8ef3fdf1d423f0ddbf793f47ec96829ed832b18
-
Filesize
498B
MD55b896d04e5daea39b5401b8bb0762a93
SHA1cd2f1a700f10c0d54a5bb7baad677a16dcfcbbfa
SHA2564be192cb209633a48c7eae62065f7c8eabdab7e6eb435b1413028fb93e4b5fd0
SHA512682a4a442e56d86153c471e0ae9b74a0aa0c96a3f62e5b69d48e43e1728b57e042dbfe2ca8259ce8dfc69ef28ffd301a2bb92120f3504bce998a65e50c65a5a8
-
Filesize
1KB
MD5dbf11538f040a4a6880550bd7cd0e6d9
SHA1347934640920836a4b4a06323baba6d43163131c
SHA256b82f35aa61245dc8750ed337c04ee4c31277257124eba2d12e93feb346bb7e49
SHA5127ff3a3662f5005855890ce4bd3f977826a7b4d3a465f9419e4208669a404a932696a557cf6f0e754c4ead9bac0221e44c4a9f5e5757a5878f85cba2166aa9796
-
Filesize
330B
MD5776c137f6b6fc0161cccef9229adf74f
SHA1b15b53f6c286d9325995cede4b022689b44c0d8e
SHA256641f30c10af5e892fff394eb39c2d4905ab7851e3146262ca9d6fa8f09163ea5
SHA512b4188e1fd182db4689b6b1aa32d9aa51b882396d49b662df41e1d3d8507c2087fa10136c29c5ec6671e88628fdfba42ebc90c2913f591dd66c7509e24e5d833b
-
Filesize
230B
MD55da2dfbd12c9aacdb03ce0d6dc414a8d
SHA19eccc4092745b13f051d90273af78a6f64a21348
SHA25660a44cb1aecc5a3b6ed5b4224ce83ca001ec42fe22e33b0eccb183b74bb9b4a4
SHA512e7d906f34258bed095aa1358c2dbf575f22ffb8d77e57391e23477801939b0907c927373fe4cc99ebdd30ba5be0adaadad76fbdbc6060788d7869c9047b2049f
-
Filesize
661B
MD58258c0eabe05fed717b2b9833d50ed46
SHA1b0606669a4ea1522355c61059bde7bd3e019ce6a
SHA2569b316dea36d431beb6caf4cc02230c2df7896e259bf46af4ca3f165a9a2697b1
SHA512a69a1308591700f68f35a509dd9796ece0f77c28c73dbdef2c06960287d85b54e9431aeb13faa0820122aa14670bce7409fd3ecccea765701223be22ad26cd4f
-
Filesize
863B
MD55af2290cd10dd99228a08bb7a1f2e57e
SHA153d2e5c87fbb0c610040ad89bda7829b9690beee
SHA2564789df43f5d80437af945bbb1629578a70831282b00bddfcde318661dcfc280a
SHA5129112ee05c06862c21aed54c08b8689529d1ee16fa5a0985e89a6b3299f0fe3d7811765abdf9be6e912cde20da07a40d1903e9c15e526c1a234838575deb1760c
-
Filesize
796KB
MD5dc1d7fbeacfb517e801dcb886074ed42
SHA1ab969ca7aace910f9c906d5ed7473a79caccafc5
SHA256b00f83f6938d2ec735ac8f970c779f8ff28063b91a73d022b7a954bb85231c38
SHA512085815b511544f531effffc46b0ed5cde5834d4c85497487fa5cbd8e7b3dbfef597b63c47c92b5512a1f80e7924ea41ba797c3b90d2818d34630a7f5f0bc3161
-
Filesize
15.1MB
MD58e5e20cdc842a9a1c6d915aa9845e65a
SHA18c0c0449cb7c2d0475d6bbd955ce1402bcea3144
SHA2569be3940dd1e714277ba7c07882020c4d2742fa8092542c314dbae5ccbf31e4c4
SHA512beeb5d40e2f18f685932184d9257862840fcec31c0fe422702fad7ebb9024bf33e081518bc4d4b25fcb96c731898a6a4c2a9ea863bbbcd358730711b2ebfe091
-
Filesize
15.1MB
MD58e5e20cdc842a9a1c6d915aa9845e65a
SHA18c0c0449cb7c2d0475d6bbd955ce1402bcea3144
SHA2569be3940dd1e714277ba7c07882020c4d2742fa8092542c314dbae5ccbf31e4c4
SHA512beeb5d40e2f18f685932184d9257862840fcec31c0fe422702fad7ebb9024bf33e081518bc4d4b25fcb96c731898a6a4c2a9ea863bbbcd358730711b2ebfe091
-
Filesize
15.1MB
MD58e5e20cdc842a9a1c6d915aa9845e65a
SHA18c0c0449cb7c2d0475d6bbd955ce1402bcea3144
SHA2569be3940dd1e714277ba7c07882020c4d2742fa8092542c314dbae5ccbf31e4c4
SHA512beeb5d40e2f18f685932184d9257862840fcec31c0fe422702fad7ebb9024bf33e081518bc4d4b25fcb96c731898a6a4c2a9ea863bbbcd358730711b2ebfe091
-
Filesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
Filesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
Filesize
64B
MD5d8b9a260789a22d72263ef3bb119108c
SHA1376a9bd48726f422679f2cd65003442c0b6f6dd5
SHA256d69d47e428298f194850d14c3ce375e7926128a0bfb62c1e75940ab206f8fddc
SHA512550314fab1e363851a7543c989996a440d95f7c9db9695cce5abaad64523f377f48790aa091d66368f50f941179440b1fa94448289ee514d5b5a2f4fe6225e9b
-
Filesize
99KB
MD5053d3b3d3f4e22fbf9b787a434d44ca6
SHA187e8b28a0337286cb40dfef6c60bcf1ab11f0800
SHA256b93e2878e2edb9ec84455950a6cb0ed2d139acd16e24080a46f51a90061d0976
SHA512dd2c03a756a9a1b35d0624ecbf1530c41681b2148415ff32e13c4b28a7353402df66c557e043282e21ea6163f5697478e3e0c5678134146a078d45a618190a80
-
Filesize
99KB
MD5053d3b3d3f4e22fbf9b787a434d44ca6
SHA187e8b28a0337286cb40dfef6c60bcf1ab11f0800
SHA256b93e2878e2edb9ec84455950a6cb0ed2d139acd16e24080a46f51a90061d0976
SHA512dd2c03a756a9a1b35d0624ecbf1530c41681b2148415ff32e13c4b28a7353402df66c557e043282e21ea6163f5697478e3e0c5678134146a078d45a618190a80
-
Filesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
Filesize
5.8MB
MD52a9b238323fca61898f7b0492f334f54
SHA1278b68691d6b88e3635ac19546a2b80fcdcac055
SHA25641ef482e6b8e919c25bf69cc11feb8a7c708c760881aabe0be271368e951bef3
SHA51264670ea37f21250a2097d2646381163d31de95c77c0fa8eba94ee07856db8d10c560c07bb31995aebe1f0a5ae014c9b9e81ee06d554297904a6265c7192ed93c
-
Filesize
1KB
MD57b134a5e3b9d796fe5cdff206710f874
SHA134805c55ae0ba64780b4a01132f9e4b923b94abc
SHA25645bd1b5f1ad3d48c1d51ffbdb9dfec572562128fa37087fbadf9589ee05e2d48
SHA5125712dae80d6d7413d7497bb071c102da1e599de0b3893f23f6fc7c864452d4a56dd24f44860a16cf537412fce714d46483dc2586dead601c4b9c9941e9c7644c
-
Filesize
394B
MD5d5db5124c8470ef3d02e3fcb7536a234
SHA11b26ca91230fc342c6afb08dc0601eb8533e77b8
SHA256ce82969b8c44f1f7750c9646d4ffdd1c99d6abb99565deb102dfb37c2c541de6
SHA5128ff3d4786ebc2fe85f9035d85da58ea8953de129fa448b32b4c19eae8d3eb9bcce30399801e6762f6484a0b6d4d5c023d06c5b1ec4e13eddfe131ce9b9561641
-
Filesize
1.5MB
MD595db9098c58fd6db106f1116bae85a0b
SHA199c98dac2ef47bf393f3dcbfa79120c6456c2ebb
SHA25606e81144996425d00162ba62f990dcbd98ec87e10f43851fd924fae5bf37be57
SHA512b1d64cde416e23f5ab90d91dafd1c8009d399df715c8e37abfbe882036b93afa1f5f87d99620c24c38c6665010ad5f2ab753443c41dff7117f3def06fd3b4832
-
Filesize
210KB
MD5903e870339ea32df505f1c603830fa72
SHA1460052cf71efb8ad1cdb354475a888146938f192
SHA256cecedf106e85487dae2d990ce0cfe7e9f4e37f1aa0221b920d41f1afd24a5fef
SHA512730164e0af61822537fe62553525fec3b7943631613c13c99192d5e23328cb0500f9dcb3b47b2b1d1cbec9fe7c039681ad31df00fee0896c6a5ae9a0e6ff7a36
-
Filesize
255KB
MD588932dadc42e1bba93b21a76de60ef7a
SHA13320ff5514b32565b0396de4f2064ce17ec9eea4
SHA256c4c8cb572a5a2c43d78b3701f4b2349684e6ca4d1557e469af6065b1e099c26c
SHA512298e1e171dbbe386e1abe153446b883c40910819099f64f54dc9faa95d739be56839537342bbe8dd8408545cb1f8c98878a3524d91af1f11a112d1bfc202657a
-
Filesize
254KB
MD5a98626e1aef6ceba5dfc1ee7112e235a
SHA1ca42fe10fa893f390472859405c7564095e4260f
SHA25692b3d3c6e135eb1dc95f88e6ca75bd6113d9eb3261a95ca39f733e3897e53675
SHA51281761cd87aece3cea03b4520d8c7518f8d549d8e91cce2a4a4752729e7a28ad4b502472731a06f7051f357bfa1042640a5e7592887b1c3914de0dfe230ef882c
-
Filesize
254KB
MD5c88cecbffad6d8e731fd95de49561ebd
SHA14ef29a9163b56df34a3486b98b24be3a3d0cdca6
SHA256bab583d38d105dac9141b287fb2b7763b6d8b0bae97e745faaccedb40a579c29
SHA512d514f33af50e74906617f8a9bb91e91f11a3ad3387f262c78804252df284e860d9d61d0bb4a61b60f122a00749824957bf53e8c308d7a53b722e7b88777c791d
-
Filesize
299B
MD548136cdde28ef3bd42836d10a06b43fb
SHA1623781c566c4cf19d0139b8036ce3bb5b076aa85
SHA2564209cfea7eadb13b87a41dd79083b20aff8830ac3701d85eba9d939dc5b57af3
SHA512ba16dafcab39d4fa8c0295e0f4707284a0f8c90333ee5b6135fd2ddd76f9a9920c40e5cbb730a1cb5a809228d6dbf6f5ad797d9d1e2c783dcea066bbb2a23c55
-
Filesize
330B
MD5776c137f6b6fc0161cccef9229adf74f
SHA1b15b53f6c286d9325995cede4b022689b44c0d8e
SHA256641f30c10af5e892fff394eb39c2d4905ab7851e3146262ca9d6fa8f09163ea5
SHA512b4188e1fd182db4689b6b1aa32d9aa51b882396d49b662df41e1d3d8507c2087fa10136c29c5ec6671e88628fdfba42ebc90c2913f591dd66c7509e24e5d833b
-
Filesize
230B
MD55da2dfbd12c9aacdb03ce0d6dc414a8d
SHA19eccc4092745b13f051d90273af78a6f64a21348
SHA25660a44cb1aecc5a3b6ed5b4224ce83ca001ec42fe22e33b0eccb183b74bb9b4a4
SHA512e7d906f34258bed095aa1358c2dbf575f22ffb8d77e57391e23477801939b0907c927373fe4cc99ebdd30ba5be0adaadad76fbdbc6060788d7869c9047b2049f
-
Filesize
61KB
MD5ee77265024d099499b48ab29fc620991
SHA14fdd41d8037830e9a7849decf73876443812fc83
SHA2566254fc83f3b710db8739ad4e70417e5f77adca61c0908e88f272689619578aa0
SHA512cb532a61118e83d350bc9e36f4dfafc5b31d3809154a78b50b2027b01cd1fed07fd4ec0efe9346826e5a827cee150f6cd2ca2285a46a55e8539febf3a1d6b293
-
Filesize
796KB
MD5dc1d7fbeacfb517e801dcb886074ed42
SHA1ab969ca7aace910f9c906d5ed7473a79caccafc5
SHA256b00f83f6938d2ec735ac8f970c779f8ff28063b91a73d022b7a954bb85231c38
SHA512085815b511544f531effffc46b0ed5cde5834d4c85497487fa5cbd8e7b3dbfef597b63c47c92b5512a1f80e7924ea41ba797c3b90d2818d34630a7f5f0bc3161
-
Filesize
15.1MB
MD58e5e20cdc842a9a1c6d915aa9845e65a
SHA18c0c0449cb7c2d0475d6bbd955ce1402bcea3144
SHA2569be3940dd1e714277ba7c07882020c4d2742fa8092542c314dbae5ccbf31e4c4
SHA512beeb5d40e2f18f685932184d9257862840fcec31c0fe422702fad7ebb9024bf33e081518bc4d4b25fcb96c731898a6a4c2a9ea863bbbcd358730711b2ebfe091
-
Filesize
15.1MB
MD58e5e20cdc842a9a1c6d915aa9845e65a
SHA18c0c0449cb7c2d0475d6bbd955ce1402bcea3144
SHA2569be3940dd1e714277ba7c07882020c4d2742fa8092542c314dbae5ccbf31e4c4
SHA512beeb5d40e2f18f685932184d9257862840fcec31c0fe422702fad7ebb9024bf33e081518bc4d4b25fcb96c731898a6a4c2a9ea863bbbcd358730711b2ebfe091
-
Filesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
Filesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
Filesize
16KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
16KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
16KB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
16KB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
76KB
-
Filesize
76KB
-
Filesize
136KB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.1MB
-
Filesize
5.1MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
5.1MB
-
Filesize
12.9MB
-
Filesize
12.9MB
-
Filesize
12.9MB
-
Filesize
10.8MB
-
Filesize
5.8MB
-
Filesize
5.8MB
-
Filesize
5.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
-
Filesize
10.8MB
