Overview

overview

8

Static

static

aSc TimeTa...mZ.exe

windows7-x64

8

aSc TimeTa...mZ.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    551s
  • max time network
    1203s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    23-10-2022 18:56

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    aSc TimeTables _ZaImZ.exe

  • Size

    5.1MB

  • MD5

    5347d1465f1abfbe142bee26234c2d42

  • SHA1

    43aa39e7c91122fac3ceff37278f878eb60df870

  • SHA256

    3eeab0e2bbd7e74117cf4d36fa98a7d0125fc46161a1193f0b72fca297f5c8ac

  • SHA512

    afe6c2b058056813ef2f6642c5e4593c37bfc12b38f7f8990e3a923e56922a7c2647eb2e214d7da22de60648475bf59b2b3a9f4818f2861dbc37f9f8e10815bd

  • SSDEEP

    49152:nhvEwVL6q9TUDEYh8ESu07hZPKBmeSOlNUA2lEj6T6RSUvfkt9Y:1LVQYA08RSUnkt6

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Creates new service(s) 1 TTPs
    persistence
  • Downloads MZ/PE file
  • Drops file in Drivers directory 3 IoCs
  • Executes dropped EXE 52 IoCs
  • UPX packed file 9 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in System32 directory 4 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 5 IoCs
  • Launches sc.exe 6 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks processor information in registry 2 TTPs 4 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 4 IoCs
    adwarespyware
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 64 IoCs
  • Modifies system certificate store 2 TTPs 22 IoCs
    evasionspywaretrojan
  • Runs net.exe
  • Suspicious behavior: EnumeratesProcesses 28 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: LoadsDriver 1 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 20 IoCs
  • Suspicious use of SendNotifyMessage 20 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\aSc TimeTables _ZaImZ.exe
    "C:\Users\Admin\AppData\Local\Temp\aSc TimeTables _ZaImZ.exe"
    1⤵
    • Modifies system certificate store
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:1256
    • C:\Users\Admin\AppData\Local\Temp\aScTimeTables_2022_08_01_exe_510232022857183243373969\aScTimeTables_2022_08_01.exe
      "C:\Users\Admin\AppData\Local\Temp\aScTimeTables_2022_08_01_exe_510232022857183243373969\aScTimeTables_2022_08_01.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious use of WriteProcessMemory
      PID:360
      • C:\Users\Admin\AppData\Local\Temp\nsyADA1.tmp
        C:\Users\Admin\AppData\Local\Temp\nsyADA1.tmp
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:908
      • \??\c:\TimeTables\roz.exe
        "c:\TimeTables\roz.exe"
        3⤵
        • Executes dropped EXE
        • Modifies registry class
        • Suspicious behavior: GetForegroundWindowSpam
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of SetWindowsHookEx
        PID:1152
    • C:\Users\Admin\AppData\Local\Temp\WcInstaller_exe_710232022857313701050901\WcInstaller.exe
      "C:\Users\Admin\AppData\Local\Temp\WcInstaller_exe_710232022857313701050901\WcInstaller.exe" --silent --partner=CH210701 --webprotection
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of WriteProcessMemory
      PID:560
      • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\WebCompanionInstaller.exe
        .\WebCompanionInstaller.exe --partner=CH210701 --webprotection --version=9.1.0.409 --silent --partner=CH210701 --webprotection
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Drops file in Program Files directory
        • Drops file in Windows directory
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of WriteProcessMemory
        PID:1368
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" Create "WCAssistantService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe" DisplayName= "WC Assistant" start= auto
          4⤵
          • Launches sc.exe
          PID:2016
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" failure WCAssistantService reset= 30 actions= restart/60000
          4⤵
          • Launches sc.exe
          PID:1600
        • C:\Windows\SysWOW64\sc.exe
          "sc.exe" description "WCAssistantService" "Ad-Aware Web Companion Internet security service"
          4⤵
          • Launches sc.exe
          PID:1548
        • C:\Windows\system32\RunDLL32.Exe
          "C:\Windows\sysnative\RunDLL32.Exe" syssetup,SetupInfObjectInstallAction BootInstall 128 C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf
          4⤵
          • Drops file in Drivers directory
          • Adds Run key to start application
          • Drops file in Windows directory
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:1004
          • C:\Windows\system32\runonce.exe
            "C:\Windows\system32\runonce.exe" -r
            5⤵
            • Checks processor information in registry
            • Suspicious use of WriteProcessMemory
            PID:1116
            • C:\Windows\System32\grpconv.exe
              "C:\Windows\System32\grpconv.exe" -o
              6⤵
                PID:316
          • C:\Windows\system32\net.exe
            "C:\Windows\sysnative\net.exe" start bddci
            4⤵
            • Suspicious use of WriteProcessMemory
            PID:1432
            • C:\Windows\system32\net1.exe
              C:\Windows\system32\net1 start bddci
              5⤵
                PID:1720
            • C:\Windows\SysWOW64\sc.exe
              "sc.exe" Create "DCIService" binPath= "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe" DisplayName= "DCIService" start= auto
              4⤵
              • Launches sc.exe
              PID:1676
            • C:\Windows\SysWOW64\sc.exe
              "sc.exe" description "DCIService" "Webprotection Bridge service"
              4⤵
              • Launches sc.exe
              PID:288
            • C:\Windows\SysWOW64\cmd.exe
              "C:\Windows\System32\cmd.exe" /C "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd"
              4⤵
                PID:632
                • C:\Windows\SysWOW64\sc.exe
                  sc start DCIService
                  5⤵
                  • Launches sc.exe
                  PID:1328
              • C:\Windows\SysWOW64\cmd.exe
                "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
                4⤵
                  PID:1620
                  • C:\Windows\SysWOW64\netsh.exe
                    netsh http add urlacl url=http://+:9007/ user=Everyone
                    5⤵
                      PID:1680
                  • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
                    "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --install --geo=
                    4⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Adds Run key to start application
                    • Drops file in Windows directory
                    • Suspicious behavior: EnumeratesProcesses
                    • Suspicious use of AdjustPrivilegeToken
                    PID:1744
                    • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                      "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\d0ruyoht.cmdline"
                      5⤵
                        PID:2060
                        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                          C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESE265.tmp" "c:\Users\Admin\AppData\Local\Temp\CSCE254.tmp"
                          6⤵
                            PID:2104
                      • C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
                        "C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe" --silent --afterinstall
                        4⤵
                        • Executes dropped EXE
                        • Suspicious behavior: EnumeratesProcesses
                        • Suspicious use of AdjustPrivilegeToken
                        • Suspicious use of FindShellTrayWindow
                        • Suspicious use of SendNotifyMessage
                        PID:2336
                        • C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
                          "C:\Windows\Microsoft.NET\Framework\v2.0.50727\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\sxuksoma.cmdline"
                          5⤵
                            PID:2928
                            • C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
                              C:\Windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RES1B5F.tmp" "c:\Users\Admin\AppData\Local\Temp\CSC1B5E.tmp"
                              6⤵
                                PID:2964
                      • C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe
                        "C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe" --silent --allusers=0
                        2⤵
                        • Executes dropped EXE
                        • Enumerates connected drives
                        PID:2596
                        • C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe
                          C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x188,0x18c,0x190,0x15c,0x194,0x6dce5148,0x6dce5158,0x6dce5164
                          3⤵
                          • Executes dropped EXE
                          PID:2616
                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaBrowserSetup.exe
                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaBrowserSetup.exe" --version
                          3⤵
                          • Executes dropped EXE
                          PID:2716
                        • C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe
                          "C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --initial-pid=2596 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20221023205908" --session-guid=fb594048-a705-489a-a490-b6e6b2549d1e --server-tracking-blob=OGU5NTRmYjc3YjMyMzE2N2VjYzRjYzgwM2EzMDE0OGU2MGE1MTdjNzZmNTg3YjBmYmMxM2ViMTFlOGJkZDMzNjp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljX2NwaSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Q1BJX1dJTl9JTlNfRkgiLCJ0aW1lc3RhbXAiOiIxNjY2NTUxNDU0LjcwNTYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLWxpa2UgQnJvd3NlciAoZGN1KSIsInV0bSI6eyJjYW1wYWlnbiI6IkNQSV9XSU5fSU5TX0ZIIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoic29mdG9uaWNfY3BpIn0sInV1aWQiOiJmNjMzMDBhNS1lYTczLTRlYjQtOTkwMS04YzA4NjlkNWQ0MGIifQ== --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=EC02000000000000
                          3⤵
                          • Executes dropped EXE
                          • Enumerates connected drives
                          PID:2756
                          • C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe
                            C:\Users\Admin\AppData\Local\Temp\OperaBrowserSetup_exe_71023202285731336827901\OperaBrowserSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x194,0x198,0x19c,0x15c,0x1a0,0x6c645148,0x6c645158,0x6c645164
                            4⤵
                            • Executes dropped EXE
                            PID:2832
                          • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\installer.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\installer.exe" --backend --initial-pid=2596 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081" --session-guid=fb594048-a705-489a-a490-b6e6b2549d1e --server-tracking-blob=OGU5NTRmYjc3YjMyMzE2N2VjYzRjYzgwM2EzMDE0OGU2MGE1MTdjNzZmNTg3YjBmYmMxM2ViMTFlOGJkZDMzNjp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXNvZnRvbmljX2NwaSZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Q1BJX1dJTl9JTlNfRkgiLCJ0aW1lc3RhbXAiOiIxNjY2NTUxNDU0LjcwNTYiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLWxpa2UgQnJvd3NlciAoZGN1KSIsInV0bSI6eyJjYW1wYWlnbiI6IkNQSV9XSU5fSU5TX0ZIIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoic29mdG9uaWNfY3BpIn0sInV1aWQiOiJmNjMzMDBhNS1lYTczLTRlYjQtOTkwMS04YzA4NjlkNWQ0MGIifQ== --silent --desktopshortcut=1 --install-subfolder=92.0.4561.21
                            4⤵
                            • Executes dropped EXE
                            • Enumerates connected drives
                            • Modifies registry class
                            PID:1092
                            • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\installer.exe
                              C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x174,0x178,0x17c,0x148,0x180,0x7feeee284b0,0x7feeee284c0,0x7feeee284d0
                              5⤵
                              • Executes dropped EXE
                              PID:976
                            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe
                              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
                              5⤵
                              • Executes dropped EXE
                              • Adds Run key to start application
                              • Modifies Internet Explorer settings
                              PID:2432
                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe
                                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xeca8e0,0xeca8f0,0xeca8fc
                                6⤵
                                • Executes dropped EXE
                                PID:1976
                            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                              5⤵
                              • Executes dropped EXE
                              PID:2844
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                                6⤵
                                • Executes dropped EXE
                                • Enumerates system info in registry
                                • Suspicious use of AdjustPrivilegeToken
                                PID:2940
                                • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_crashreporter.exe
                                  C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feec3152d8,0x7feec3152e8,0x7feec3152f8
                                  7⤵
                                  • Executes dropped EXE
                                  PID:1732
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1040 --field-trial-handle=1148,i,813391567893219895,10609426764756538641,131072 /prefetch:2
                                  7⤵
                                  • Executes dropped EXE
                                  PID:2220
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1352 --field-trial-handle=1148,i,813391567893219895,10609426764756538641,131072 /prefetch:8
                                  7⤵
                                  • Executes dropped EXE
                                  PID:1012
                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\_sfx.exe
                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\_sfx.exe"
                          3⤵
                          • Executes dropped EXE
                          PID:2244
                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe
                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe" --version
                          3⤵
                          • Executes dropped EXE
                          PID:2184
                          • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe
                            "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202210232059081\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xeca8e0,0xeca8f0,0xeca8fc
                            4⤵
                            • Executes dropped EXE
                            PID:2280
                    • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
                      "C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe"
                      1⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      PID:1324
                    • C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
                      "C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe"
                      1⤵
                      • Executes dropped EXE
                      • Drops file in System32 directory
                      • Modifies data under HKEY_USERS
                      • Suspicious behavior: EnumeratesProcesses
                      • Suspicious use of AdjustPrivilegeToken
                      PID:1664
                      • C:\Windows\System32\cmd.exe
                        "C:\Windows\System32\cmd.exe" /C netsh http add urlacl url=http://+:9007/ user=Everyone
                        2⤵
                          PID:2168
                          • C:\Windows\system32\netsh.exe
                            netsh http add urlacl url=http://+:9007/ user=Everyone
                            3⤵
                            • Modifies data under HKEY_USERS
                            PID:2212
                      • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
                        "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
                        1⤵
                        • Executes dropped EXE
                        PID:968
                        • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
                          C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x12c,0x130,0x134,0x100,0x138,0xdaa8e0,0xdaa8f0,0xdaa8fc
                          2⤵
                          • Executes dropped EXE
                          PID:2380
                        • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
                          "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
                          2⤵
                          • Executes dropped EXE
                          • Suspicious use of FindShellTrayWindow
                          • Suspicious use of SendNotifyMessage
                          PID:2484
                          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
                            3⤵
                            • Executes dropped EXE
                            PID:2516
                          • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
                            C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x150,0x154,0x158,0x124,0x15c,0x174c130,0x174c140,0x174c14c
                            3⤵
                            • Executes dropped EXE
                            PID:2560
                            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
                              4⤵
                              • Executes dropped EXE
                              PID:2584
                            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
                              4⤵
                              • Executes dropped EXE
                              PID:2636
                            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
                              4⤵
                              • Executes dropped EXE
                              PID:2720
                          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
                            3⤵
                            • Executes dropped EXE
                            PID:2916
                      • C:\Windows\system32\wbem\unsecapp.exe
                        C:\Windows\system32\wbem\unsecapp.exe -Embedding
                        1⤵
                          PID:3004
                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
                          1⤵
                          • Executes dropped EXE
                          • Checks computer location settings
                          • Checks processor information in registry
                          • Enumerates system info in registry
                          • Modifies system certificate store
                          • Suspicious behavior: EnumeratesProcesses
                          • Suspicious use of AdjustPrivilegeToken
                          PID:1644
                          • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_crashreporter.exe
                            C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x15c,0x160,0x164,0x130,0x168,0x7feec3152d8,0x7feec3152e8,0x7feec3152f8
                            2⤵
                            • Executes dropped EXE
                            PID:2532
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1084 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:2
                            2⤵
                            • Executes dropped EXE
                            PID:2916
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1432 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:8
                            2⤵
                            • Executes dropped EXE
                            PID:2900
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1556 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:8
                            2⤵
                            • Executes dropped EXE
                            PID:976
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2108 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:8
                            2⤵
                            • Executes dropped EXE
                            PID:2280
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2096 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:8
                            2⤵
                            • Executes dropped EXE
                            PID:2776
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2124 --field-trial-handle=1144,i,1957584395722580976,15705335213252162568,131072 /prefetch:8
                            2⤵
                              PID:2476
                            • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
                              2⤵
                              • Executes dropped EXE
                              PID:2856
                              • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                                C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x13fb94df8,0x13fb94e08,0x13fb94e18
                                3⤵
                                • Executes dropped EXE
                                PID:2212
                            • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
                              2⤵
                              • Executes dropped EXE
                              PID:2312
                              • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                                C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x140074df8,0x140074e08,0x140074e18
                                3⤵
                                • Executes dropped EXE
                                PID:1440
                              • C:\Users\Admin\AppData\Local\Temp\.opera\installer.exe
                                "C:\Users\Admin\AppData\Local\Temp\.opera\installer.exe" --version
                                3⤵
                                • Executes dropped EXE
                                PID:1580
                          • C:\Windows\system32\taskeng.exe
                            taskeng.exe {D480C02F-5AA6-4A6C-820E-03311360D85E} S-1-5-21-999675638-2867687379-27515722-1000:ORXGKKZC\Admin:Interactive:[1]
                            1⤵
                              PID:2392
                              • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                                C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=92.0.4561.21 --newautoupdaterlogic
                                2⤵
                                • Executes dropped EXE
                                PID:1612
                                • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                  "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                  3⤵
                                  • Executes dropped EXE
                                  PID:2116
                                • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
                                  3⤵
                                  • Executes dropped EXE
                                  PID:2444
                                  • C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe
                                    C:\Users\Admin\AppData\Local\Programs\Opera\92.0.4561.21\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x138,0x13c,0x140,0x10c,0x144,0x140074df8,0x140074e08,0x140074e18
                                    4⤵
                                    • Executes dropped EXE
                                    PID:1576

                            Network

                            MITRE ATT&CK Enterprise v6

                            Replay Monitor

                            Loading Replay Monitor...

                            Downloads

                            • C:\PROGRA~2\Lavasoft\WEBCOM~1\Service\x64\bddci.sys
                              Filesize

                              358KB

                              MD5

                              7e8d2dd117579f79f574f8f410364f42

                              SHA1

                              44d730b09ac3d193680a0bb2bc985765d636225a

                              SHA256

                              bd44c3509f3095551bc3d9379e3e06ca49aac622a6c9d878e07eeb714141530e

                              SHA512

                              781dea6b7692646eec06216433c01d1852504c0740560d7083de78f78f186ec0bb7ed992d1dd32950513c66e38921062b5f93094da93799a7cba857e498059fc

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
                              Filesize

                              3.3MB

                              MD5

                              db2555acc5671b00bfb6702fdba198f1

                              SHA1

                              53631a77a4bbec8abeb72126591c4459f5d1dc23

                              SHA256

                              e584bbb43c79b3c7367c1bd426e71746b56e66586b2e639bcaa4b75d1626786c

                              SHA512

                              1facb22194945d9741e9f5c91ba0a9beff395fceb73f7afda2d1b0e3cd6f73b1f6c4c7dc22d4da3a00e68ffd406eb75048f53591744fd0f738178b9cce768d01

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\MSVCP140.dll
                              Filesize

                              576KB

                              MD5

                              e74caf5d94aa08d046a44ed6ed84a3c5

                              SHA1

                              ed9f696fa0902a7c16b257da9b22fb605b72b12e

                              SHA256

                              3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

                              SHA512

                              d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\VCRUNTIME140.dll
                              Filesize

                              99KB

                              MD5

                              8697c106593e93c11adc34faa483c4a0

                              SHA1

                              cd080c51a97aa288ce6394d6c029c06ccb783790

                              SHA256

                              ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

                              SHA512

                              724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\VCRUNTIME140_1.dll
                              Filesize

                              43KB

                              MD5

                              21ae0d0cfe9ab13f266ad7cd683296be

                              SHA1

                              f13878738f2932c56e07aa3c6325e4e19d64ae9f

                              SHA256

                              7b8f70dd3bdae110e61823d1ca6fd8955a5617119f5405cdd6b14cad3656dfc7

                              SHA512

                              6b2c7ce0fe32faffb68510bf8ae1b61af79b2d8a2d1b633ceba3a8e6a668a4f5179bb836c550ecac495b0fc413df5fe706cd6f42e93eb082a6c68e770339a77c

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-2-0.dll
                              Filesize

                              11KB

                              MD5

                              7041205ea1a1d9ba68c70333086e6b48

                              SHA1

                              5034155f7ec4f91e882eae61fd3481b5a1c62eb0

                              SHA256

                              eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

                              SHA512

                              aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l2-1-0.dll
                              Filesize

                              11KB

                              MD5

                              8fd05f79565c563a50f23b960f4d77a6

                              SHA1

                              98e5e665ef4a3dd6f149733b180c970c60932538

                              SHA256

                              3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

                              SHA512

                              587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-localization-l1-2-0.dll
                              Filesize

                              13KB

                              MD5

                              769bf2930e7b0ce2e3fb2cbc6630ba2e

                              SHA1

                              b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

                              SHA256

                              d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

                              SHA512

                              9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-processthreads-l1-1-1.dll
                              Filesize

                              11KB

                              MD5

                              6486e2f519a80511ac3de235487bee79

                              SHA1

                              b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

                              SHA256

                              24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

                              SHA512

                              02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-synch-l1-2-0.dll
                              Filesize

                              11KB

                              MD5

                              a639c64c03544491cd196f1ba08ae6e0

                              SHA1

                              3ee08712c85aab71cfbdb43dbef06833daa36ab2

                              SHA256

                              a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

                              SHA512

                              c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-timezone-l1-1-0.dll
                              Filesize

                              11KB

                              MD5

                              6f9f9d52087ae4d8d180954b9d42778b

                              SHA1

                              67419967a40cc82a0ca4151589677de8226f9693

                              SHA256

                              ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

                              SHA512

                              22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-convert-l1-1-0.dll
                              Filesize

                              15KB

                              MD5

                              ebac9545734cc1bec37c1c32ffaff7d8

                              SHA1

                              2b716ce57f0af28d1223f4794cc8696d49ae2f29

                              SHA256

                              d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26

                              SHA512

                              0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-heap-l1-1-0.dll
                              Filesize

                              12KB

                              MD5

                              fbfcf220f1bf1051e82a40f349d4beae

                              SHA1

                              43154ea6705ab1c34207b66a0a544ac211c1f37d

                              SHA256

                              9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

                              SHA512

                              e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-runtime-l1-1-0.dll
                              Filesize

                              15KB

                              MD5

                              a3f630a32d715214d6c46f7c87761213

                              SHA1

                              1078c77010065c933a7394d10da93bfb81be2a95

                              SHA256

                              d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

                              SHA512

                              920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-stdio-l1-1-0.dll
                              Filesize

                              17KB

                              MD5

                              c99c9eea4f83a985daf48eed9f79531b

                              SHA1

                              56486407c84beecadb88858d69300035e693d9a6

                              SHA256

                              7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

                              SHA512

                              78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-string-l1-1-0.dll
                              Filesize

                              17KB

                              MD5

                              d3d72d7f4c048d46d81a34e4186600b4

                              SHA1

                              cdcad0a3df99f9aee0f49c549758ee386a3d915f

                              SHA256

                              fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

                              SHA512

                              6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bddci.inf
                              Filesize

                              2KB

                              MD5

                              58b2e13bac1f78e521a408ec5ca8a606

                              SHA1

                              e40139e0a3f8b2f5d3a457d1701b527b83bc1541

                              SHA256

                              a84e4b890c7cfd488653eaf6cf38f283d8b7e12f467f241a2046818cb9e762de

                              SHA512

                              5e25997da0769f2d1217c754efa2b72a1117f1849ec86c90ad3945ec899f52b9237d0d39d8c43df3fdf93b52c26b47f6eafe6009e7cc62389e96d26f84a3f96e

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\bridge_start.cmd
                              Filesize

                              49B

                              MD5

                              95e8c6cd0a911f1ab4969c06b8cf77a2

                              SHA1

                              be1b1f8abd0420f59ecab7bcf8120cdc2ce34195

                              SHA256

                              de795f6d8591577054813bee79e7c5b4ee13360039d29aa73971c6b985d26ebd

                              SHA512

                              e5eefaf761be7bf3cea207e22e98398093fa0a9d3b459af7df22bfbf07755816737a7b8b261acf01aec8b10b5d8f0d90132a4ecdd83c242b2cde883039fac1ff

                              Download Submit

                            • C:\Program Files (x86)\Lavasoft\Web Companion\Service\x64\ucrtbase.DLL
                              Filesize

                              938KB

                              MD5

                              d4b22fb86c88c071335fe2fb623e40ce

                              SHA1

                              cc722eb1098b3a630a990dbceb62e3338b064110

                              SHA256

                              2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605

                              SHA512

                              369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
                              Filesize

                              60KB

                              MD5

                              d15aaa7c9be910a9898260767e2490e1

                              SHA1

                              2090c53f8d9fc3fbdbafd3a1e4dc25520eb74388

                              SHA256

                              f8ebaaf487cba0c81a17c8cd680bdd2dd8e90d2114ecc54844cffc0cc647848e

                              SHA512

                              7e1c1a683914b961b5cc2fe5e4ae288b60bab43bfaa21ce4972772aa0589615c19f57e672e1d93e50a7ed7b76fbd2f1b421089dcaed277120b93f8e91b18af94

                              Download Submit

                            • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
                              Filesize

                              342B

                              MD5

                              5e6b4b5381b216906e3d195363f96be2

                              SHA1

                              af4b49fb4e380e3e2b088ad63991c8cc777d0ba7

                              SHA256

                              17835d355ca4275cd2fb31a79f4e19b023f60369cc69edc2bc2c5d60226666d3

                              SHA512

                              00404f94f608cc6c7e47cb8591419ea7487fc3182f623121e122f1bf2bfe3607da4e416ffd9b12663d6a4b563e09e58242ffb3111ea217f93f3aad4efed316b2

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\ICSharpCode.SharpZipLib.dll
                              Filesize

                              203KB

                              MD5

                              9e0de64b6d714d1e4718fcf916a7c808

                              SHA1

                              d9bd1bd5dd4cca45fd5207c85b5cda4720db9229

                              SHA256

                              35e60b266a70ecf603ffc8bee04db290455a97a2d22cb5249bdeae527cad2bca

                              SHA512

                              d5a41c9afa0daeb550744037ce8e4eea15d049aca32f9d1c63b1b4f87fb445bba7a827c5b18c4c9945072149cbdb1c26cb31ad6f468b070af3d6afb1a8ad900f

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\Newtonsoft.Json.dll
                              Filesize

                              423KB

                              MD5

                              90dd83a4481f17340a1b3af258ca83e1

                              SHA1

                              2d4e9e1f132a9b55f11486119e7d23f9d3100c81

                              SHA256

                              cf5e514abe016be9ff50c56b589b20eb009888b8f0a9f207fa6486e9697fda78

                              SHA512

                              8e4f88845853deaa7305d51f699420b1581ce5db518193cd113579ee77dcdb4a2f742f4f26fab88329768f5d4877f4e391aa855a3b58ef9c57ed1f6c6a0184a7

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\WebCompanionInstaller.exe
                              Filesize

                              451KB

                              MD5

                              b949799d09e9b30a1c7a0171468df31e

                              SHA1

                              c166ab632216d1503c2b358861ff4532b04f1fc4

                              SHA256

                              bf3ce13b63a958e24544d7fa6f9f9de51de117f0305e98d9cd050e10f4135f05

                              SHA512

                              7e07906af92fe34525db081fa20b59fe92dda87acd5e6debc9a42f8898cde2124435b636becb9b6bf2e1c2f85922516435677f9ec896e3c488ec5c0071600684

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\WebCompanionInstaller.exe
                              Filesize

                              451KB

                              MD5

                              b949799d09e9b30a1c7a0171468df31e

                              SHA1

                              c166ab632216d1503c2b358861ff4532b04f1fc4

                              SHA256

                              bf3ce13b63a958e24544d7fa6f9f9de51de117f0305e98d9cd050e10f4135f05

                              SHA512

                              7e07906af92fe34525db081fa20b59fe92dda87acd5e6debc9a42f8898cde2124435b636becb9b6bf2e1c2f85922516435677f9ec896e3c488ec5c0071600684

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\7zS032990AC\WebCompanionInstaller.exe.config
                              Filesize

                              2KB

                              MD5

                              78ee84a1259ca05ebac76fb7adac0a38

                              SHA1

                              b07ca86374d34ef9905c7eed722de376348e1635

                              SHA256

                              5bb681b84ddb91d93329b377a2a968544e1628712c9a02b2f456c5b87b4b6064

                              SHA512

                              c1e3cd83fad605fa26b938f6af8a8e312a8375eb15e7a28b315d55105fc81c52e20081d6c991d8494a081469b6a44647b752b5567e1cfa4bda0ff52003d41d3c

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\WcInstaller_exe_710232022857313701050901\WcInstaller.exe
                              Filesize

                              547KB

                              MD5

                              253d1915e93ffe4c1108a4bd5ce9615f

                              SHA1

                              212e70758c9d9667dcbbc08e9efad51ae98b6d6c

                              SHA256

                              28d0f65bd81b490dd796d0b62942a7d54478099b54be1e369c1a6d81a8e98374

                              SHA512

                              5b8d7922f5c147259faf23f1d26ab0b3179168bc23ab0e9fc505a5b331c764e580dec75d202a2a59d176caa542d07f46ae44e13a99db8da0a315deec0043b885

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\WcInstaller_exe_710232022857313701050901\WcInstaller.exe
                              Filesize

                              547KB

                              MD5

                              253d1915e93ffe4c1108a4bd5ce9615f

                              SHA1

                              212e70758c9d9667dcbbc08e9efad51ae98b6d6c

                              SHA256

                              28d0f65bd81b490dd796d0b62942a7d54478099b54be1e369c1a6d81a8e98374

                              SHA512

                              5b8d7922f5c147259faf23f1d26ab0b3179168bc23ab0e9fc505a5b331c764e580dec75d202a2a59d176caa542d07f46ae44e13a99db8da0a315deec0043b885

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\aScTimeTables_2022_08_01_exe_510232022857183243373969\aScTimeTables_2022_08_01.exe
                              Filesize

                              17.2MB

                              MD5

                              04237ec87a67d0eed89381febd702034

                              SHA1

                              1ccaf4ffeadea560a94301a79147bd7b677da9e3

                              SHA256

                              57524e3a3d5e7b914494dacd3b0a0fc43f7057b2eebc7d3ad504b20277f24f61

                              SHA512

                              11aefe9bd3b1623354463f7b818db7eac3d96221f8d77abbbeec13fec7a11c0a503ba015407cc3d2887db90f35e008797611927e0df6dcf7cdcd3f7029175d79

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\aScTimeTables_2022_08_01_exe_510232022857183243373969\aScTimeTables_2022_08_01.exe
                              Filesize

                              17.2MB

                              MD5

                              04237ec87a67d0eed89381febd702034

                              SHA1

                              1ccaf4ffeadea560a94301a79147bd7b677da9e3

                              SHA256

                              57524e3a3d5e7b914494dacd3b0a0fc43f7057b2eebc7d3ad504b20277f24f61

                              SHA512

                              11aefe9bd3b1623354463f7b818db7eac3d96221f8d77abbbeec13fec7a11c0a503ba015407cc3d2887db90f35e008797611927e0df6dcf7cdcd3f7029175d79

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\nsyADA1.tmp
                              Filesize

                              3.0MB

                              MD5

                              3130a0673de6ac315e94a0892d300264

                              SHA1

                              3acf54516672fb25a3918ece5d0b94dfd5142a49

                              SHA256

                              f74f2520384a257b2897ba90e3f5413491bbe8b2d89f97a2438f1bf98020c53f

                              SHA512

                              b11c90a97b4bc6e465795298a2c00fef3e13ad8dc8e7ceb331235d12a196fbc105920c561a23a77d342638faeaa4a500b2a228b2939312d40a1acd444df771a6

                              Download Submit

                            • C:\Users\Admin\AppData\Local\Temp\nsyADA1.tmp
                              Filesize

                              3.0MB

                              MD5

                              3130a0673de6ac315e94a0892d300264

                              SHA1

                              3acf54516672fb25a3918ece5d0b94dfd5142a49

                              SHA256

                              f74f2520384a257b2897ba90e3f5413491bbe8b2d89f97a2438f1bf98020c53f

                              SHA512

                              b11c90a97b4bc6e465795298a2c00fef3e13ad8dc8e7ceb331235d12a196fbc105920c561a23a77d342638faeaa4a500b2a228b2939312d40a1acd444df771a6

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\DCIService.exe
                              Filesize

                              3.3MB

                              MD5

                              db2555acc5671b00bfb6702fdba198f1

                              SHA1

                              53631a77a4bbec8abeb72126591c4459f5d1dc23

                              SHA256

                              e584bbb43c79b3c7367c1bd426e71746b56e66586b2e639bcaa4b75d1626786c

                              SHA512

                              1facb22194945d9741e9f5c91ba0a9beff395fceb73f7afda2d1b0e3cd6f73b1f6c4c7dc22d4da3a00e68ffd406eb75048f53591744fd0f738178b9cce768d01

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l1-2-0.dll
                              Filesize

                              11KB

                              MD5

                              7041205ea1a1d9ba68c70333086e6b48

                              SHA1

                              5034155f7ec4f91e882eae61fd3481b5a1c62eb0

                              SHA256

                              eff4703a71c42bec1166e540aea9eeaf3dc7dfcc453fedcb79c0f3b80807869d

                              SHA512

                              aea052076059a8b4230b73936ef8864eb4bb06a8534e34fe9d03cc92102dd01b0635bfce58f4e8c073f47abfd95fb19b6fbfcdaf3bc058a188665ac8d5633eb1

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-file-l2-1-0.dll
                              Filesize

                              11KB

                              MD5

                              8fd05f79565c563a50f23b960f4d77a6

                              SHA1

                              98e5e665ef4a3dd6f149733b180c970c60932538

                              SHA256

                              3eb57cda91752a2338ee6b83b5e31347be08831d76e7010892bfd97d6ace9b73

                              SHA512

                              587a39aecb40eff8e4c58149477ebaeb16db8028d8f7bea9114d34e22cd4074718490a4e3721385995a2b477fe33894a044058880414c9a668657b90b76d464f

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-localization-l1-2-0.dll
                              Filesize

                              13KB

                              MD5

                              769bf2930e7b0ce2e3fb2cbc6630ba2e

                              SHA1

                              b9df24d2d37ca8b52ca7eb5c6de414cb3159488a

                              SHA256

                              d10ff3164acd8784fe8cc75f5b12f32ce85b12261adb22b8a08e9704b1e5991a

                              SHA512

                              9abdcccc8ee21b35f305a91ea001c0b8964d8475680fa95b4afbdc2d42797df543b95fc1bcd72d3d2ccc1d26dff5b3c4e91f1e66753626837602dbf73fc8369b

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-processthreads-l1-1-1.dll
                              Filesize

                              11KB

                              MD5

                              6486e2f519a80511ac3de235487bee79

                              SHA1

                              b43fd61e62d98eea74cf8eb54ca16c8f8e10c906

                              SHA256

                              24cc30d7a3e679989e173ddc0a9e185d6539913af589ee6683c03bf3de485667

                              SHA512

                              02331c5b15d9ee5a86a7aaf93d07f9050c9254b0cd5969d51eff329e97e29eea0cb5f2dccfe2bfa30e0e9fc4b222b89719f40a46bd762e3ff0479dbac704792c

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-synch-l1-2-0.dll
                              Filesize

                              11KB

                              MD5

                              a639c64c03544491cd196f1ba08ae6e0

                              SHA1

                              3ee08712c85aab71cfbdb43dbef06833daa36ab2

                              SHA256

                              a4e57620f941947a570b5559ca5cce2f79e25e046fcb6519e777f32737e5fd60

                              SHA512

                              c940d1f4e41067e6d24c96687a22be1cb5ffd6b2b8959d9667ba8db91e64d777d4cd274d5877380d4cfef13f6486b4f0867af02110f96c040686cc0242d5234b

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-core-timezone-l1-1-0.dll
                              Filesize

                              11KB

                              MD5

                              6f9f9d52087ae4d8d180954b9d42778b

                              SHA1

                              67419967a40cc82a0ca4151589677de8226f9693

                              SHA256

                              ef1d71fe621341c9751ee59e50cbec1d22947622ffaf8fb1f034c693f1091ef0

                              SHA512

                              22a0488613377746c13db9742f2e517f9e31bd563352cc394c3ae12809a22aa1961711e3c0648520e2e11f94411b82d3bb05c7ea1f4d1887aacf85045cf119d7

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-convert-l1-1-0.dll
                              Filesize

                              15KB

                              MD5

                              ebac9545734cc1bec37c1c32ffaff7d8

                              SHA1

                              2b716ce57f0af28d1223f4794cc8696d49ae2f29

                              SHA256

                              d09b49f2a30dcc13b7f0de8242fa57d0bdeb22f3b7e6c224be73bc4dd98d3c26

                              SHA512

                              0396ea24a6744d48ce18f9ccb270880f74c4b6eab40f8f8baf5fd9b4ad2ac79b830f9b33c13a3fec0206a95ad3824395db6b1825302d1d401d26bdc9eef003b2

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-heap-l1-1-0.dll
                              Filesize

                              12KB

                              MD5

                              fbfcf220f1bf1051e82a40f349d4beae

                              SHA1

                              43154ea6705ab1c34207b66a0a544ac211c1f37d

                              SHA256

                              9b9a43b9a32a3d3c3de72b2acca41e051b1e604b45be84985b6a62fb03355e6d

                              SHA512

                              e9ab17ceb5449e8303027a08afdbdd118cb59eaea0d5173819d66d3ee01f0cd370d7230a7d609a226b186b151fe2b13e811339fa21f3ec45f843075cedc2a5c0

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-runtime-l1-1-0.dll
                              Filesize

                              15KB

                              MD5

                              a3f630a32d715214d6c46f7c87761213

                              SHA1

                              1078c77010065c933a7394d10da93bfb81be2a95

                              SHA256

                              d16db68b4020287bb6ce701b71312a9d887874c0d26b9ebd82c3c9b965029562

                              SHA512

                              920bb08310eadd7832011ac80edd3e12ce68e54e510949dbbde90adaac497debe050e2b73b9b22d9dc105386c45d558c3f9e37e1c51ed4700dd82b00e80410bc

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-stdio-l1-1-0.dll
                              Filesize

                              17KB

                              MD5

                              c99c9eea4f83a985daf48eed9f79531b

                              SHA1

                              56486407c84beecadb88858d69300035e693d9a6

                              SHA256

                              7c416d52a7e8d6113ff85bf833cae3e11c45d1c2215b061a5bbd47432b2244a5

                              SHA512

                              78b8fd1faada381b7c4b7b6721454a19969011c1d1105fc02ba8246b477440b83dc16f0e0ce0b953a946da9d1971b65315ac29dbb6df237a11becb3d981b16b9

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\api-ms-win-crt-string-l1-1-0.dll
                              Filesize

                              17KB

                              MD5

                              d3d72d7f4c048d46d81a34e4186600b4

                              SHA1

                              cdcad0a3df99f9aee0f49c549758ee386a3d915f

                              SHA256

                              fd8a73640a158857dd76173c5d97ceeba190e3c3eabf39446936b24032b54116

                              SHA512

                              6bf9d2fdc5c2d8cd08bf543ef7a0cdcb69d7658a12bee5601eeb9381b11d78d3c42ef9dd7e132e37d1ec34cc3dc66df0f50aefadfdc927904b520fdc2f994f18

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\msvcp140.dll
                              Filesize

                              576KB

                              MD5

                              e74caf5d94aa08d046a44ed6ed84a3c5

                              SHA1

                              ed9f696fa0902a7c16b257da9b22fb605b72b12e

                              SHA256

                              3dedef76c87db736c005d06a8e0d084204b836af361a6bd2ee4651d9c45675e8

                              SHA512

                              d3128587bc8d62e4d53f8b5f95eb687bc117a6d5678c08dc6b59b72ea9178a7fd6ae8faa9094d21977c406739d6c38a440134c1c1f6f9a44809e80d162723254

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\ucrtbase.dll
                              Filesize

                              938KB

                              MD5

                              d4b22fb86c88c071335fe2fb623e40ce

                              SHA1

                              cc722eb1098b3a630a990dbceb62e3338b064110

                              SHA256

                              2195fef9bd0a01d6b10a2ab77ff4f5bbca01d65d5f6590befc98d80102372605

                              SHA512

                              369fb5d80535cb1f8d46512234d7777754648aeab6a3ff1536edc64ca0097a8e8eaa7c68feeabf756de474706f0c7c896b14c4c39cbd5916ad9258f2ed3fcdf1

                              Download Submit

                            • \Program Files (x86)\Lavasoft\Web Companion\Service\x64\vcruntime140.dll
                              Filesize

                              99KB

                              MD5

                              8697c106593e93c11adc34faa483c4a0

                              SHA1

                              cd080c51a97aa288ce6394d6c029c06ccb783790

                              SHA256

                              ff43e813785ee948a937b642b03050bb4b1c6a5e23049646b891a66f65d4c833

                              SHA512

                              724bbed7ce6f7506e5d0b43399fb3861dda6457a2ad2fafe734f8921c9a4393b480cdd8a435dbdbd188b90236cb98583d5d005e24fa80b5a0622a6322e6f3987

                              Download Submit

                            • \TimeTables\roz.exe
                              Filesize

                              16.5MB

                              MD5

                              fae82da374f0c60c08010f9edec44a63

                              SHA1

                              7d9a07f1a826bc011a7d9eedf0e2ea735f7727cc

                              SHA256

                              307c070863ea26e9930b4b211400325b903378fd08b8f7f039b7808376a6bb23

                              SHA512

                              9c3c678fbabd463899dbfd80cd406dab24f11e591a1501b9a99b223eca734c55a6a35b381938766135383c0b340d0c94de8c4ed483fe95a3cff1e393c7f9088d

                              Download Submit

                            • \TimeTables\roz.exe
                              Filesize

                              16.5MB

                              MD5

                              fae82da374f0c60c08010f9edec44a63

                              SHA1

                              7d9a07f1a826bc011a7d9eedf0e2ea735f7727cc

                              SHA256

                              307c070863ea26e9930b4b211400325b903378fd08b8f7f039b7808376a6bb23

                              SHA512

                              9c3c678fbabd463899dbfd80cd406dab24f11e591a1501b9a99b223eca734c55a6a35b381938766135383c0b340d0c94de8c4ed483fe95a3cff1e393c7f9088d

                              Download Submit

                            • \TimeTables\roz.exe
                              Filesize

                              16.5MB

                              MD5

                              fae82da374f0c60c08010f9edec44a63

                              SHA1

                              7d9a07f1a826bc011a7d9eedf0e2ea735f7727cc

                              SHA256

                              307c070863ea26e9930b4b211400325b903378fd08b8f7f039b7808376a6bb23

                              SHA512

                              9c3c678fbabd463899dbfd80cd406dab24f11e591a1501b9a99b223eca734c55a6a35b381938766135383c0b340d0c94de8c4ed483fe95a3cff1e393c7f9088d

                              Download Submit

                            • \TimeTables\roz.exe
                              Filesize

                              16.5MB

                              MD5

                              fae82da374f0c60c08010f9edec44a63

                              SHA1

                              7d9a07f1a826bc011a7d9eedf0e2ea735f7727cc

                              SHA256

                              307c070863ea26e9930b4b211400325b903378fd08b8f7f039b7808376a6bb23

                              SHA512

                              9c3c678fbabd463899dbfd80cd406dab24f11e591a1501b9a99b223eca734c55a6a35b381938766135383c0b340d0c94de8c4ed483fe95a3cff1e393c7f9088d

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\ICSharpCode.SharpZipLib.dll
                              Filesize

                              203KB

                              MD5

                              9e0de64b6d714d1e4718fcf916a7c808

                              SHA1

                              d9bd1bd5dd4cca45fd5207c85b5cda4720db9229

                              SHA256

                              35e60b266a70ecf603ffc8bee04db290455a97a2d22cb5249bdeae527cad2bca

                              SHA512

                              d5a41c9afa0daeb550744037ce8e4eea15d049aca32f9d1c63b1b4f87fb445bba7a827c5b18c4c9945072149cbdb1c26cb31ad6f468b070af3d6afb1a8ad900f

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\ICSharpCode.SharpZipLib.dll
                              Filesize

                              203KB

                              MD5

                              9e0de64b6d714d1e4718fcf916a7c808

                              SHA1

                              d9bd1bd5dd4cca45fd5207c85b5cda4720db9229

                              SHA256

                              35e60b266a70ecf603ffc8bee04db290455a97a2d22cb5249bdeae527cad2bca

                              SHA512

                              d5a41c9afa0daeb550744037ce8e4eea15d049aca32f9d1c63b1b4f87fb445bba7a827c5b18c4c9945072149cbdb1c26cb31ad6f468b070af3d6afb1a8ad900f

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\ICSharpCode.SharpZipLib.dll
                              Filesize

                              203KB

                              MD5

                              9e0de64b6d714d1e4718fcf916a7c808

                              SHA1

                              d9bd1bd5dd4cca45fd5207c85b5cda4720db9229

                              SHA256

                              35e60b266a70ecf603ffc8bee04db290455a97a2d22cb5249bdeae527cad2bca

                              SHA512

                              d5a41c9afa0daeb550744037ce8e4eea15d049aca32f9d1c63b1b4f87fb445bba7a827c5b18c4c9945072149cbdb1c26cb31ad6f468b070af3d6afb1a8ad900f

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\Newtonsoft.Json.dll
                              Filesize

                              423KB

                              MD5

                              90dd83a4481f17340a1b3af258ca83e1

                              SHA1

                              2d4e9e1f132a9b55f11486119e7d23f9d3100c81

                              SHA256

                              cf5e514abe016be9ff50c56b589b20eb009888b8f0a9f207fa6486e9697fda78

                              SHA512

                              8e4f88845853deaa7305d51f699420b1581ce5db518193cd113579ee77dcdb4a2f742f4f26fab88329768f5d4877f4e391aa855a3b58ef9c57ed1f6c6a0184a7

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\Newtonsoft.Json.dll
                              Filesize

                              423KB

                              MD5

                              90dd83a4481f17340a1b3af258ca83e1

                              SHA1

                              2d4e9e1f132a9b55f11486119e7d23f9d3100c81

                              SHA256

                              cf5e514abe016be9ff50c56b589b20eb009888b8f0a9f207fa6486e9697fda78

                              SHA512

                              8e4f88845853deaa7305d51f699420b1581ce5db518193cd113579ee77dcdb4a2f742f4f26fab88329768f5d4877f4e391aa855a3b58ef9c57ed1f6c6a0184a7

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\Newtonsoft.Json.dll
                              Filesize

                              423KB

                              MD5

                              90dd83a4481f17340a1b3af258ca83e1

                              SHA1

                              2d4e9e1f132a9b55f11486119e7d23f9d3100c81

                              SHA256

                              cf5e514abe016be9ff50c56b589b20eb009888b8f0a9f207fa6486e9697fda78

                              SHA512

                              8e4f88845853deaa7305d51f699420b1581ce5db518193cd113579ee77dcdb4a2f742f4f26fab88329768f5d4877f4e391aa855a3b58ef9c57ed1f6c6a0184a7

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\7zS032990AC\WebCompanionInstaller.exe
                              Filesize

                              451KB

                              MD5

                              b949799d09e9b30a1c7a0171468df31e

                              SHA1

                              c166ab632216d1503c2b358861ff4532b04f1fc4

                              SHA256

                              bf3ce13b63a958e24544d7fa6f9f9de51de117f0305e98d9cd050e10f4135f05

                              SHA512

                              7e07906af92fe34525db081fa20b59fe92dda87acd5e6debc9a42f8898cde2124435b636becb9b6bf2e1c2f85922516435677f9ec896e3c488ec5c0071600684

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nst9917.tmp\FindProcDLL.dll
                              Filesize

                              27KB

                              MD5

                              6f73b00aef6c49eac62128ef3eca677e

                              SHA1

                              1b6aff67d570e5ee61af2376247590eb49b728a1

                              SHA256

                              6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9

                              SHA512

                              678fc4bf7d345eeb99a3420ec7d0071eaba302845e93b48527d9a2a9c406709cc44ec74d6a889e25a8351a463803f8713a833df3a1707a5ad50db05240a32938

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nst9917.tmp\FindProcDLL.dll
                              Filesize

                              27KB

                              MD5

                              6f73b00aef6c49eac62128ef3eca677e

                              SHA1

                              1b6aff67d570e5ee61af2376247590eb49b728a1

                              SHA256

                              6eb09ce25c7fc62e44dc2f71761c6d60dd4b2d0c7d15e9651980525103aac0a9

                              SHA512

                              678fc4bf7d345eeb99a3420ec7d0071eaba302845e93b48527d9a2a9c406709cc44ec74d6a889e25a8351a463803f8713a833df3a1707a5ad50db05240a32938

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nst9917.tmp\InstallOptions.dll
                              Filesize

                              15KB

                              MD5

                              89351a0a6a89519c86c5531e20dab9ea

                              SHA1

                              9e801aaaae9e70d8f7fc52f6f12cedc55e4c8a00

                              SHA256

                              f530069ef87a1c163c4fd63a3d5b053420ce3d7a98739c70211b4a99f90d6277

                              SHA512

                              13168fa828b581383e5f64d3b54be357e98d2eb9362b45685e7426ffc2f0696ab432cc8a3f374ce8abd03c096f1662d954877afa886fc4aa74709e6044b75c08

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nst9917.tmp\StartMenu.dll
                              Filesize

                              7KB

                              MD5

                              8fb72af40578e779e69049cccbfb473d

                              SHA1

                              3cd042d8ec9e2216558e96a2663b6e42d33aab56

                              SHA256

                              70a91d4b67b0017beb83e93724e799e2cde82cb2500d872266bf478878840d0c

                              SHA512

                              15453d4e7f894084a3dc385f9d17299920d09903d38b68af69da25a93028432a02c900372aabafd1998fe016e53572a81a55c04791aea5cd5291804002d9398e

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nst9917.tmp\newadvsplash.dll
                              Filesize

                              8KB

                              MD5

                              55a723e125afbc9b3a41d46f41749068

                              SHA1

                              01618b26fec6b8c6bdb866e6e4d0f7a0529fe97c

                              SHA256

                              0a70cc4b93d87ecd93e538cfbed7c9a4b8b5c6f1042c6069757bda0d1279ed06

                              SHA512

                              559157fa1b3eb6ae1f9c0f2c71ccc692a0a0affb1d6498a8b8db1436d236fd91891897ac620ed5a588beba2efa43ef064211a7fcadb5c3a3c5e2be1d23ef9d4c

                              Download Submit

                            • \Users\Admin\AppData\Local\Temp\nsyADA1.tmp
                              Filesize

                              3.0MB

                              MD5

                              3130a0673de6ac315e94a0892d300264

                              SHA1

                              3acf54516672fb25a3918ece5d0b94dfd5142a49

                              SHA256

                              f74f2520384a257b2897ba90e3f5413491bbe8b2d89f97a2438f1bf98020c53f

                              SHA512

                              b11c90a97b4bc6e465795298a2c00fef3e13ad8dc8e7ceb331235d12a196fbc105920c561a23a77d342638faeaa4a500b2a228b2939312d40a1acd444df771a6

                              Download Submit

                            • memory/288-109-0x0000000000000000-mapping.dmp

                              Download

                            • memory/316-104-0x0000000000000000-mapping.dmp

                              Download

                            • memory/360-57-0x0000000075C61000-0x0000000075C63000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/360-55-0x0000000000000000-mapping.dmp

                              Download

                            • memory/560-60-0x0000000000000000-mapping.dmp

                              Download

                            • memory/632-110-0x0000000000000000-mapping.dmp

                              Download

                            • memory/908-74-0x0000000000000000-mapping.dmp

                              Download

                            • memory/976-201-0x0000000000000000-mapping.dmp

                              Download

                            • memory/976-323-0x0000000000000000-mapping.dmp

                              Download

                            • memory/976-324-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/1004-98-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1012-260-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1092-199-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1116-102-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1152-150-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1256-54-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/1328-112-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1368-86-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1368-166-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1368-65-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1368-69-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1432-106-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1440-400-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1548-93-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1600-92-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1612-393-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1620-144-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1644-402-0x0000000005040000-0x000000000504A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/1644-396-0x0000000005040000-0x000000000504A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/1644-397-0x0000000005040000-0x000000000504A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/1644-403-0x0000000005040000-0x000000000504A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/1664-188-0x0000000000B3A000-0x0000000000B59000-memory.dmp

                              Filesize

                              124KB

                              Download

                            • memory/1664-154-0x000007FEECFB0000-0x000007FEEE683000-memory.dmp

                              Filesize

                              22.8MB

                              Download

                            • memory/1664-153-0x000007FEF2140000-0x000007FEF2B63000-memory.dmp

                              Filesize

                              10.1MB

                              Download

                            • memory/1664-155-0x0000000000B3A000-0x0000000000B59000-memory.dmp

                              Filesize

                              124KB

                              Download

                            • memory/1676-107-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1680-145-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1720-108-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1732-222-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1744-162-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1744-147-0x0000000000000000-mapping.dmp

                              Download

                            • memory/1744-158-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1744-152-0x0000000006C50000-0x0000000006C62000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/1744-149-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/1976-205-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2016-91-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2060-156-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2104-157-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2116-394-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2168-159-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2184-194-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2212-391-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2212-160-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2220-259-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2244-192-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2280-354-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2280-357-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2280-196-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2312-398-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2336-190-0x0000000008F10000-0x0000000008F22000-memory.dmp

                              Filesize

                              72KB

                              Download

                            • memory/2336-191-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/2336-198-0x0000000000A46000-0x0000000000A57000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2336-189-0x0000000000A46000-0x0000000000A57000-memory.dmp

                              Filesize

                              68KB

                              Download

                            • memory/2336-163-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2336-165-0x0000000073C10000-0x00000000741BB000-memory.dmp

                              Filesize

                              5.7MB

                              Download

                            • memory/2380-208-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2432-203-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2484-210-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2516-212-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2532-261-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2560-213-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2584-215-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2596-181-0x00000000033F0000-0x0000000003916000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2596-182-0x0000000003830000-0x0000000003D56000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2596-167-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2596-233-0x0000000003830000-0x000000000383A000-memory.dmp

                              Filesize

                              40KB

                              Download

                            • memory/2596-170-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2596-171-0x0000000002810000-0x0000000002D36000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2596-232-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2616-169-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2616-172-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2616-238-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2636-216-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2716-174-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2716-176-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2720-217-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2756-183-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2756-184-0x0000000002910000-0x0000000002E36000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2756-225-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2756-177-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2776-388-0x000007FEFB5B1000-0x000007FEFB5B3000-memory.dmp

                              Filesize

                              8KB

                              Download

                            • memory/2776-385-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2832-235-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2832-179-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2832-186-0x0000000000400000-0x0000000000926000-memory.dmp

                              Filesize

                              5.1MB

                              Download

                            • memory/2844-218-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2856-389-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2900-293-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2916-292-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2916-219-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2928-185-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2940-245-0x0000000002170000-0x0000000002180000-memory.dmp

                              Filesize

                              64KB

                              Download

                            • memory/2940-221-0x0000000000000000-mapping.dmp

                              Download

                            • memory/2964-187-0x0000000000000000-mapping.dmp

                              Download