Resubmissions
24-11-2022 19:03
221124-xqhmxsgb8s 1020-11-2022 12:40
221120-pwdbdsdb77 119-11-2022 11:14
221119-nb3vwada3v 819-11-2022 11:13
221119-nbpy1shb45 1Analysis
-
max time kernel
624s -
max time network
664s -
platform
windows10-2004_x64 -
resource
win10v2004-20220901-en -
resource tags
-
submitted
24-11-2022 19:03
General
-
Target
https://dropmefiles.com/RsrG4
Score
10/10
Malware Config
Signatures
-
Suspicious use of NtCreateProcessExOtherParentProcess 2 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Registers COM server for autorun 1 TTPs 3 IoCs
-
UPX packed file 9 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Checks computer location settings 2 TTPs 17 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 27 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 64 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates processes with tasklist 1 TTPs 11 IoCs
-
Enumerates system info in registry 2 TTPs 8 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies data under HKEY_USERS 10 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 15 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 42 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" https://dropmefiles.com/RsrG41⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffbffc34f50,0x7ffbffc34f60,0x7ffbffc34f702⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=1828 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1664 /prefetch:22⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2952 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4216 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5568 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4628 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5148 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5156 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4736 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4600 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4260 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4512 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4708 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=924 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6360 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3696 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1104 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6348 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1076 /prefetch:82⤵
-
C:\Users\Admin\Downloads\ExLoader_Installer.exe"C:\Users\Admin\Downloads\ExLoader_Installer.exe"2⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exe"3⤵
- Executes dropped EXE
- Loads dropped DLL
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\Software\Yandex\YandexBrowser /v last_startup_time5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\Software\Opera Software" /v "Last Stable Install Path"5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Opera Software" /v "Last Stable Install Path"5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Opera Software" /v "Last Stable Install Path"5⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "exloader.exe\"" /FO CSV4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq exloader.exe" /FO CSV5⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders" /v Desktop5⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command "$WshShell = New-Object -comObject WScript.Shell $Shortcut = $WshShell.CreateShortcut(\"c:\users\admin\desktop\ExLoader.lnk\") $Shortcut.TargetPath = \"C:\Program Files\ExLoader\ExLoader.exe\" $Shortcut.Save()"4⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\ExLoader\ExLoader.exe"C:\Program Files\ExLoader\ExLoader.exe" -deletePreviousExLoader4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "csgo.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq csgo.exe" /FO CSV6⤵
- Enumerates processes with tasklist
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitclient.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitclient.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "faceitservice.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq faceitservice.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 0D756077321A70C3E844C138CE9815815⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Products /f 0D756077321A70C3E844C138CE9815816⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {01db25f3-1b76-4d97-88c8-1c90634d88fb}5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CLASSES_ROOT\Installer\Dependencies /f {01db25f3-1b76-4d97-88c8-1c90634d88fb}6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\taskkill.exe /f /im csgo.exe5⤵
-
C:\Windows\System32\taskkill.exeC:\Windows\System32\taskkill.exe /f /im csgo.exe6⤵
- Kills process with taskkill
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\taskkill.exe /f /im steam.exe5⤵
-
C:\Windows\System32\taskkill.exeC:\Windows\System32\taskkill.exe /f /im steam.exe6⤵
- Kills process with taskkill
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString6⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV5⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV6⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware6⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exe5⤵
-
C:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exeC:\Users\Admin\AppData\Roaming\com.swiftsoft\exloader\tools\Microsoft_redistributable_packages_x64.exe6⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.42\vcredist.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.762\vcredist.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.832\vcredist.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.3079\vcredist.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.4053.0\atl80sp1_kb973923.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\SysWOW64\msiexec.exemsiexec /i "C:\Users\Admin\AppData\Local\Temp\VCRedist\VCRedist_2005_x86_False\8.0.50727.4053\vcredist.msi" /qn ARPSYSTEMCOMPONENT=17⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion" /v InstallDate5⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /c C:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware4⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender" /v DisableAntiSpyware5⤵
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --silent --allusers=04⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x2bc,0x2b4,0x2e0,0x2b8,0x2e4,0x75a12698,0x75a126a8,0x75a126b45⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version5⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --initial-pid=3856 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20221124190519" --session-guid=8684c76a-4c34-4f9d-b16c-48508259239d --server-tracking-blob="Zjk4ZmExYjAyMzRjMTdhZjIwY2VhMDAwZmJkZmM3YzgxNzY4Mjk0MDNmMDJlOTJhMWQyZTFhNTJjZmVlYzA1ZTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwidGltZXN0YW1wIjoiMTY2OTMxNjcxMy43MzM3IiwidXNlcmFnZW50IjoiRGFydC8yLjE4IChkYXJ0OmlvKSIsInV0bSI6eyJjYW1wYWlnbiI6Ik9MRF9fMTgyMjZhIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiIxNGE1MzY0OS1mM2ViLTQwM2QtODZmZC0zMTNjNzRmOTljODUifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=6C050000000000005⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2b8,0x2f0,0x73812698,0x738126a8,0x738126b46⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\installer.exe" --backend --initial-pid=3856 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=0 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191" --session-guid=8684c76a-4c34-4f9d-b16c-48508259239d --server-tracking-blob="Zjk4ZmExYjAyMzRjMTdhZjIwY2VhMDAwZmJkZmM3YzgxNzY4Mjk0MDNmMDJlOTJhMWQyZTFhNTJjZmVlYzA1ZTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGU/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1PRlQmdXRtX2NhbXBhaWduPU9MRF9fMTgyMjZhIiwidGltZXN0YW1wIjoiMTY2OTMxNjcxMy43MzM3IiwidXNlcmFnZW50IjoiRGFydC8yLjE4IChkYXJ0OmlvKSIsInV0bSI6eyJjYW1wYWlnbiI6Ik9MRF9fMTgyMjZhIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiT0ZUIn0sInV1aWQiOiIxNGE1MzY0OS1mM2ViLTQwM2QtODZmZC0zMTNjNzRmOTljODUifQ== " --silent --desktopshortcut=1 --install-subfolder=93.0.4585.216⤵
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\installer.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x2a0,0x2a4,0x2a8,0x27c,0x2ac,0x7ffbfe4a9ce8,0x7ffbfe4a9cf8,0x7ffbfe4a9d087⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe"C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized7⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher8⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7ffbf5642a18,0x7ffbf5642a28,0x7ffbf5642a389⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=DNA-77043-test:DNA-77043 --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1644 --field-trial-handle=1972,i,1442548231567917330,8195180098513447359,131072 /prefetch:29⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --ab_tests=DNA-77043-test:DNA-77043 --mojo-platform-channel-handle=1772 --field-trial-handle=1972,i,1442548231567917330,8195180098513447359,131072 /prefetch:89⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\_sfx.exe"5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\assistant_installer.exe" --version5⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202211241905191\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=92.0.4561.21 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0xc0a8e0,0xc0a8f0,0xc0a8fc6⤵
- Executes dropped EXE
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2624 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3268 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5872 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5856 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6216 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5812 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5948 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3008 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5864 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6512 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4636 /prefetch:82⤵
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1632,7041045946436708634,3437560307173302506,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3056 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x2ec 0x3041⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding1⤵
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser1⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Enumerates system info in registry
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7ffbf5642a18,0x7ffbf5642a28,0x7ffbf5642a382⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1888 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2268 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3032 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3044 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3064 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3076 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3088 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3100 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3436 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3452 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4424 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4460 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4504 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4520 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4856 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=5184 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5432 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c12⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff684d39e98,0x7ff684d39ea8,0x7ff684d39eb83⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5864 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6564 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6052 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6024 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Modifies registry class
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6544 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6680 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6748 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6636 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6676 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6640 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6752 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6656 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6772 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6784 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6796 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6632 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6816 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6804 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6660 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6904 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6916 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6928 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --display-capture-permissions-policy-allowed --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=6872 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:12⤵
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6956 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3304 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3284 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3256 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3264 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3252 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8784 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8108 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8572 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8120 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7316 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3480 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3596 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7436 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=utility --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8884 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9028 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8708 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:booking-modal=off --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:scrollable-tab-strip=off --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8364 --field-trial-handle=1968,i,6025186653310605852,3069351219616670581,131072 /prefetch:82⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe" --edition --host=https://autoupdate.geo.opera.com/ --installationdatadir="C:\Users\Admin\AppData\Local\Programs\Opera" --installdir="C:\Users\Admin\AppData\Local\Programs\Opera" --lang=en-US --pipeid --producttype --requesttype=shutdown --version=93.0.4585.21 --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --firstrunver=93.0.4585.21 --firstrunts=1669316835 --consent-info=eyJzdGF0aXN0aWNzX2NvbGxlY3Rpb25fZW5hYmxlZCI6dHJ1ZSwidXNlcl9leHBlcmllbmNlX21ldHJpY3NfcmVwb3J0aW5nX2VuYWJsZWQiOnRydWV92⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff684d39e98,0x7ff684d39ea8,0x7ff684d39eb83⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exeC:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=93.0.4585.21 --newautoupdaterlogic1⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version2⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask2⤵
-
C:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\93.0.4585.21\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=93.0.4585.21 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff684d39e98,0x7ff684d39ea8,0x7ff684d39eb83⤵
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version3⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Windows\system32\msiexec.exeC:\Windows\system32\msiexec.exe /V1⤵
- Enumerates connected drives
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 31205F4A3E9505C0FBEA68ECF4CA4E0E2⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 6C62041E811147DCF2F93DE216EB54392⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 4163CEF4A0F53CDF70BD404FBFCDCD6C2⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 59618BA9C93B4EC8B1B8D0786C20E2E82⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 15865DBA6D9EFAD0278F9B1AB87B33782⤵
-
C:\Windows\syswow64\MsiExec.exeC:\Windows\syswow64\MsiExec.exe -Embedding 2721A2FADB627F1ADF2D774F15EE10252⤵
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /41⤵
- Suspicious use of NtCreateProcessExOtherParentProcess
- Checks SCSI registry key(s)
-
C:\Windows\system32\werfault.exewerfault.exe /h /shared Global\01714f894e9643939e16b129aaa2184c /t 3728 /p 17121⤵
-
C:\Program Files\ExLoader\ExLoader.exe"C:\Program Files\ExLoader\ExLoader.exe"1⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography /v MachineGuid3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography /v MachineGuid3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV2⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV3⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV2⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV3⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV2⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV3⤵
- Enumerates processes with tasklist
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Valve\Steam /v InstallPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_CURRENT_USER\SOFTWARE\Valve\Steam /v SteamPath3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\System32\cmd.exeC:\Windows\System32\cmd.exe /C C:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString2⤵
-
C:\Windows\System32\reg.exeC:\Windows\System32\reg.exe query HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Steam /v UninstallString3⤵
-
C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exeC:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -command C:\Windows\System32\tasklist.exe /FI "\"IMAGENAME" eq "steam.exe\"" /FO CSV2⤵
-
C:\Windows\System32\tasklist.exe"C:\Windows\System32\tasklist.exe" /FI "IMAGENAME eq steam.exe" /FO CSV3⤵
- Enumerates processes with tasklist
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Program Files\ExLoader\ExLoader.exeFilesize
198KB
MD540ac6a0e57dfd0ff71704a28c0d1d6b4
SHA181d78a786ca4d1e4fc0ef80314acc36bc5f4d55f
SHA25672c42a76426f4238636fd45d456c606e23e6b6e81750ac746ffdf14884256a93
SHA512974264aeabea0a5374f16ab7dff2302f71b3e895a3ff384306b8cb6ca1c0e66fc8eebecf9e9602483ec22ea167a4dbb01266e8e08147c099e6b00fc54dbe771b
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.logFilesize
2KB
MD5d85ba6ff808d9e5444a4b369f5bc2730
SHA131aa9d96590fff6981b315e0b391b575e4c0804a
SHA25684739c608a73509419748e4e20e6cc4e1846056c3fe1929a8300d5a1a488202f
SHA5128c414eb55b45212af385accc16d9d562adba2123583ce70d22b91161fe878683845512a78f04dedd4ea98ed9b174dbfa98cf696370598ad8e6fbd1e714f1f249
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\CachesMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
64B
MD55caad758326454b5788ec35315c4c304
SHA13aef8dba8042662a7fcf97e51047dc636b4d4724
SHA25683e613b6dc8d70e3bb67c58535e014f58f3e8b2921e93b55137d799fc8c56391
SHA5124e0d443cf81e2f49829b0a458a08294bf1bdc0e38d3a938fb8274eeb637d9a688b14c7999dd6b86a31fcec839a9e8c1a9611ed0bbae8bd59caa9dba1e8253693
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exeFilesize
99KB
MD554db511bac0d714b4229a8e0bc9abb39
SHA195c3b95508b504f49cab9b0372af9a7c61dee2f4
SHA2562be07239231a75ed242b5306066f47781792ad2a0f14a2cfd1bd7b5a0474bd51
SHA5124296694433c8113032bc822c131ddc25b077b848fe7dff073e5d34a5e1e26342e9f712963e65ff5ea44a1038107c1659305c417ae7d88843c2bcc304f9f8b222
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\ExLoader_Installer.exeFilesize
99KB
MD554db511bac0d714b4229a8e0bc9abb39
SHA195c3b95508b504f49cab9b0372af9a7c61dee2f4
SHA2562be07239231a75ed242b5306066f47781792ad2a0f14a2cfd1bd7b5a0474bd51
SHA5124296694433c8113032bc822c131ddc25b077b848fe7dff073e5d34a5e1e26342e9f712963e65ff5ea44a1038107c1659305c417ae7d88843c2bcc304f9f8b222
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\MSVCP140.dllFilesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140.dllFilesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\VCRUNTIME140_1.dllFilesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\app.soFilesize
5.8MB
MD597c4d4befe0a3f12799ff4a1e45ba19b
SHA13bf02da561551a6c5ea7271c492214ffaa729d88
SHA2569abc9bbd69d74de22c163f765d74860cdc46bf0522a6edbd5f7b86febf30ffe3
SHA512a6adc2d27d2f3cd754171d98e319d82dbaf5242fd837a791962bb3a4227e3d873ca648baebab0606dc23aa31f3aff1cd9f24b222debbe47d720b1a9022f58ccb
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\AssetManifest.jsonFilesize
1KB
MD57b134a5e3b9d796fe5cdff206710f874
SHA134805c55ae0ba64780b4a01132f9e4b923b94abc
SHA25645bd1b5f1ad3d48c1d51ffbdb9dfec572562128fa37087fbadf9589ee05e2d48
SHA5125712dae80d6d7413d7497bb071c102da1e599de0b3893f23f6fc7c864452d4a56dd24f44860a16cf537412fce714d46483dc2586dead601c4b9c9941e9c7644c
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\FontManifest.jsonFilesize
394B
MD5d5db5124c8470ef3d02e3fcb7536a234
SHA11b26ca91230fc342c6afb08dc0601eb8533e77b8
SHA256ce82969b8c44f1f7750c9646d4ffdd1c99d6abb99565deb102dfb37c2c541de6
SHA5128ff3d4786ebc2fe85f9035d85da58ea8953de129fa448b32b4c19eae8d3eb9bcce30399801e6762f6484a0b6d4d5c023d06c5b1ec4e13eddfe131ce9b9561641
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\background.pngFilesize
210KB
MD5903e870339ea32df505f1c603830fa72
SHA1460052cf71efb8ad1cdb354475a888146938f192
SHA256cecedf106e85487dae2d990ce0cfe7e9f4e37f1aa0221b920d41f1afd24a5fef
SHA512730164e0af61822537fe62553525fec3b7943631613c13c99192d5e23328cb0500f9dcb3b47b2b1d1cbec9fe7c039681ad31df00fee0896c6a5ae9a0e6ff7a36
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\MONTSERRAT-BOLD.TTFFilesize
255KB
MD588932dadc42e1bba93b21a76de60ef7a
SHA13320ff5514b32565b0396de4f2064ce17ec9eea4
SHA256c4c8cb572a5a2c43d78b3701f4b2349684e6ca4d1557e469af6065b1e099c26c
SHA512298e1e171dbbe386e1abe153446b883c40910819099f64f54dc9faa95d739be56839537342bbe8dd8408545cb1f8c98878a3524d91af1f11a112d1bfc202657a
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\MONTSERRAT-MEDIUM.TTFFilesize
254KB
MD5a98626e1aef6ceba5dfc1ee7112e235a
SHA1ca42fe10fa893f390472859405c7564095e4260f
SHA25692b3d3c6e135eb1dc95f88e6ca75bd6113d9eb3261a95ca39f733e3897e53675
SHA51281761cd87aece3cea03b4520d8c7518f8d549d8e91cce2a4a4752729e7a28ad4b502472731a06f7051f357bfa1042640a5e7592887b1c3914de0dfe230ef882c
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\fonts\MONTSERRAT-SEMIBOLD.TTFFilesize
254KB
MD5c88cecbffad6d8e731fd95de49561ebd
SHA14ef29a9163b56df34a3486b98b24be3a3d0cdca6
SHA256bab583d38d105dac9141b287fb2b7763b6d8b0bae97e745faaccedb40a579c29
SHA512d514f33af50e74906617f8a9bb91e91f11a3ad3387f262c78804252df284e860d9d61d0bb4a61b60f122a00749824957bf53e8c308d7a53b722e7b88777c791d
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\close.svgFilesize
299B
MD548136cdde28ef3bd42836d10a06b43fb
SHA1623781c566c4cf19d0139b8036ce3bb5b076aa85
SHA2564209cfea7eadb13b87a41dd79083b20aff8830ac3701d85eba9d939dc5b57af3
SHA512ba16dafcab39d4fa8c0295e0f4707284a0f8c90333ee5b6135fd2ddd76f9a9920c40e5cbb730a1cb5a809228d6dbf6f5ad797d9d1e2c783dcea066bbb2a23c55
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\maximize.svgFilesize
330B
MD5776c137f6b6fc0161cccef9229adf74f
SHA1b15b53f6c286d9325995cede4b022689b44c0d8e
SHA256641f30c10af5e892fff394eb39c2d4905ab7851e3146262ca9d6fa8f09163ea5
SHA512b4188e1fd182db4689b6b1aa32d9aa51b882396d49b662df41e1d3d8507c2087fa10136c29c5ec6671e88628fdfba42ebc90c2913f591dd66c7509e24e5d833b
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\icons\minimize.svgFilesize
230B
MD55da2dfbd12c9aacdb03ce0d6dc414a8d
SHA19eccc4092745b13f051d90273af78a6f64a21348
SHA25660a44cb1aecc5a3b6ed5b4224ce83ca001ec42fe22e33b0eccb183b74bb9b4a4
SHA512e7d906f34258bed095aa1358c2dbf575f22ffb8d77e57391e23477801939b0907c927373fe4cc99ebdd30ba5be0adaadad76fbdbc6060788d7869c9047b2049f
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\flutter_assets\resources\images\opera_browser.pngFilesize
61KB
MD5ee77265024d099499b48ab29fc620991
SHA14fdd41d8037830e9a7849decf73876443812fc83
SHA2566254fc83f3b710db8739ad4e70417e5f77adca61c0908e88f272689619578aa0
SHA512cb532a61118e83d350bc9e36f4dfafc5b31d3809154a78b50b2027b01cd1fed07fd4ec0efe9346826e5a827cee150f6cd2ca2285a46a55e8539febf3a1d6b293
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\data\icudtl.datFilesize
796KB
MD5dc1d7fbeacfb517e801dcb886074ed42
SHA1ab969ca7aace910f9c906d5ed7473a79caccafc5
SHA256b00f83f6938d2ec735ac8f970c779f8ff28063b91a73d022b7a954bb85231c38
SHA512085815b511544f531effffc46b0ed5cde5834d4c85497487fa5cbd8e7b3dbfef597b63c47c92b5512a1f80e7924ea41ba797c3b90d2818d34630a7f5f0bc3161
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dllFilesize
15.1MB
MD520016b9e767e0d6d1e40d61ae9364963
SHA12f9f9c13308e1ff8b25c97fe3104eb56116879aa
SHA2562f97295b42cd7e002c9d0967d4469d37a89db8e4b081aa6cc1d62941389b66c7
SHA5122af28ba6dacf29e187112ce34bb1e47bb77d5d60a9eaa5448bdf2eb19383cda2b3b4c749726a9c42f12d20d0177fb76348cc13d5caf42f97b11032e2a7944613
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dllFilesize
15.1MB
MD520016b9e767e0d6d1e40d61ae9364963
SHA12f9f9c13308e1ff8b25c97fe3104eb56116879aa
SHA2562f97295b42cd7e002c9d0967d4469d37a89db8e4b081aa6cc1d62941389b66c7
SHA5122af28ba6dacf29e187112ce34bb1e47bb77d5d60a9eaa5448bdf2eb19383cda2b3b4c749726a9c42f12d20d0177fb76348cc13d5caf42f97b11032e2a7944613
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\flutter_windows.dllFilesize
15.1MB
MD520016b9e767e0d6d1e40d61ae9364963
SHA12f9f9c13308e1ff8b25c97fe3104eb56116879aa
SHA2562f97295b42cd7e002c9d0967d4469d37a89db8e4b081aa6cc1d62941389b66c7
SHA5122af28ba6dacf29e187112ce34bb1e47bb77d5d60a9eaa5448bdf2eb19383cda2b3b4c749726a9c42f12d20d0177fb76348cc13d5caf42f97b11032e2a7944613
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\msvcp140.dllFilesize
558KB
MD5bf78c15068d6671693dfcdfa5770d705
SHA14418c03c3161706a4349dfe3f97278e7a5d8962a
SHA256a88b8c1c8f27bf90fe960e0e8bd56984ad48167071af92d96ec1051f89f827fb
SHA5125b6b0ab4e82cc979eaa619d387c6995198fd19aa0c455bef44bd37a765685575d57448b3b4accd70d3bd20a6cd408b1f518eda0f6dae5aa106f225bee8291372
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dllFilesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140.dllFilesize
94KB
MD511d9ac94e8cb17bd23dea89f8e757f18
SHA1d4fb80a512486821ad320c4fd67abcae63005158
SHA256e1d6f78a72836ea120bd27a33ae89cbdc3f3ca7d9d0231aaa3aac91996d2fa4e
SHA512aa6afd6bea27f554e3646152d8c4f96f7bcaaa4933f8b7c04346e410f93f23cfa6d29362fd5d51ccbb8b6223e094cd89e351f072ad0517553703f5bf9de28778
-
C:\Users\Admin\AppData\Local\Temp\RarSFX0\vcruntime140_1.dllFilesize
36KB
MD57667b0883de4667ec87c3b75bed84d84
SHA1e6f6df83e813ed8252614a46a5892c4856df1f58
SHA25604e7ccbdcad7cbaf0ed28692fb08eab832c38aad9071749037ee7a58f45e9d7d
SHA512968cbaafe416a9e398c5bfd8c5825fa813462ae207d17072c035f916742517edc42349a72ab6795199d34ccece259d5f2f63587cfaeb0026c0667632b05c5c74
-
C:\Users\Admin\Downloads\ExLoader_Installer.exeFilesize
9.1MB
MD5354caa14510e3353cd00943d7a594638
SHA1242c2ac3c799f857163bed3239b9462d23a2c03b
SHA25601c606788092791f2155ebfbe65556ee69c758c1b32225b983f09cb9030a4507
SHA5129fa06dbb23c474cfbbbdd73ca98d74cc7a16f634fbf41e848b48fb31a2f3c5db1d0b7b0f9962aba81ce0704e3f68ac1c0b7d575ea0c350f964da9f9a4bed6828
-
C:\Users\Admin\Downloads\ExLoader_Installer.exeFilesize
9.1MB
MD5354caa14510e3353cd00943d7a594638
SHA1242c2ac3c799f857163bed3239b9462d23a2c03b
SHA25601c606788092791f2155ebfbe65556ee69c758c1b32225b983f09cb9030a4507
SHA5129fa06dbb23c474cfbbbdd73ca98d74cc7a16f634fbf41e848b48fb31a2f3c5db1d0b7b0f9962aba81ce0704e3f68ac1c0b7d575ea0c350f964da9f9a4bed6828
-
\??\pipe\crashpad_2320_CNYXMKAFAXARXHQJMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/208-238-0x0000000000000000-mapping.dmp
-
memory/364-221-0x0000000000000000-mapping.dmp
-
memory/424-172-0x0000000000000000-mapping.dmp
-
memory/516-166-0x0000000000000000-mapping.dmp
-
memory/616-213-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/616-211-0x0000000000000000-mapping.dmp
-
memory/616-278-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/636-152-0x0000022F13E30000-0x0000022F143F5000-memory.dmpFilesize
5.8MB
-
memory/636-151-0x0000022F13E30000-0x0000022F143F5000-memory.dmpFilesize
5.8MB
-
memory/636-153-0x0000022F13E30000-0x0000022F143F5000-memory.dmpFilesize
5.8MB
-
memory/636-137-0x0000000000000000-mapping.dmp
-
memory/876-218-0x0000000000000000-mapping.dmp
-
memory/984-231-0x0000000000000000-mapping.dmp
-
memory/1036-168-0x0000000000000000-mapping.dmp
-
memory/1184-228-0x0000000000000000-mapping.dmp
-
memory/1232-229-0x000001B48D600000-0x000001B48E0C1000-memory.dmpFilesize
10.8MB
-
memory/1232-232-0x000001B48D600000-0x000001B48E0C1000-memory.dmpFilesize
10.8MB
-
memory/1232-227-0x0000000000000000-mapping.dmp
-
memory/1276-244-0x0000000000000000-mapping.dmp
-
memory/1288-219-0x0000000000000000-mapping.dmp
-
memory/1300-180-0x0000000000000000-mapping.dmp
-
memory/1312-194-0x0000000000000000-mapping.dmp
-
memory/1328-246-0x0000000000000000-mapping.dmp
-
memory/1424-277-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/1424-212-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/1424-210-0x0000000000000000-mapping.dmp
-
memory/1712-198-0x0000029843110000-0x0000029843E21000-memory.dmpFilesize
13.1MB
-
memory/1712-195-0x0000029843110000-0x0000029843E21000-memory.dmpFilesize
13.1MB
-
memory/1712-190-0x0000000000000000-mapping.dmp
-
memory/1712-197-0x0000029843110000-0x0000029843E21000-memory.dmpFilesize
13.1MB
-
memory/1788-176-0x0000000000000000-mapping.dmp
-
memory/1824-181-0x0000000000000000-mapping.dmp
-
memory/2296-348-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/2296-349-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/2376-170-0x0000000000000000-mapping.dmp
-
memory/2420-217-0x0000000000000000-mapping.dmp
-
memory/2448-248-0x0000000000000000-mapping.dmp
-
memory/2864-237-0x0000000000000000-mapping.dmp
-
memory/2888-191-0x0000000000000000-mapping.dmp
-
memory/3132-223-0x0000000000000000-mapping.dmp
-
memory/3212-226-0x0000000000000000-mapping.dmp
-
memory/3304-188-0x00007FFBF9FB0000-0x00007FFBFAA71000-memory.dmpFilesize
10.8MB
-
memory/3304-182-0x0000000000000000-mapping.dmp
-
memory/3304-186-0x00007FFBF9FB0000-0x00007FFBFAA71000-memory.dmpFilesize
10.8MB
-
memory/3320-193-0x0000000000000000-mapping.dmp
-
memory/3492-214-0x0000000000000000-mapping.dmp
-
memory/3572-173-0x0000000000000000-mapping.dmp
-
memory/3628-339-0x0000000002481000-0x0000000002484000-memory.dmpFilesize
12KB
-
memory/3656-239-0x0000000000000000-mapping.dmp
-
memory/3776-222-0x0000000000000000-mapping.dmp
-
memory/3776-340-0x0000000000721000-0x0000000000725000-memory.dmpFilesize
16KB
-
memory/3856-275-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/3856-201-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/3856-185-0x00007FFBF9FB0000-0x00007FFBFAA71000-memory.dmpFilesize
10.8MB
-
memory/3856-174-0x0000000000000000-mapping.dmp
-
memory/3856-175-0x00000168F3DC0000-0x00000168F3DE2000-memory.dmpFilesize
136KB
-
memory/3856-177-0x00007FFBF9FB0000-0x00007FFBFAA71000-memory.dmpFilesize
10.8MB
-
memory/3856-196-0x0000000000000000-mapping.dmp
-
memory/3872-224-0x0000000000000000-mapping.dmp
-
memory/3904-206-0x0000000000000000-mapping.dmp
-
memory/3904-254-0x0000000000000000-mapping.dmp
-
memory/3924-235-0x0000000000000000-mapping.dmp
-
memory/4072-250-0x0000000000000000-mapping.dmp
-
memory/4072-220-0x0000000000000000-mapping.dmp
-
memory/4112-202-0x0000000000000000-mapping.dmp
-
memory/4168-167-0x0000000000000000-mapping.dmp
-
memory/4248-215-0x0000000000000000-mapping.dmp
-
memory/4268-169-0x0000000000000000-mapping.dmp
-
memory/4288-178-0x0000000000000000-mapping.dmp
-
memory/4332-171-0x0000000000000000-mapping.dmp
-
memory/4356-252-0x0000000000000000-mapping.dmp
-
memory/4456-179-0x0000000000000000-mapping.dmp
-
memory/4480-242-0x0000000000000000-mapping.dmp
-
memory/4548-207-0x0000000000000000-mapping.dmp
-
memory/4548-209-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/4592-256-0x0000000000000000-mapping.dmp
-
memory/4592-230-0x0000000000000000-mapping.dmp
-
memory/4632-203-0x0000000000000000-mapping.dmp
-
memory/4672-241-0x0000000000000000-mapping.dmp
-
memory/4756-208-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/4756-204-0x0000000000000000-mapping.dmp
-
memory/4756-276-0x0000000000400000-0x00000000008F5000-memory.dmpFilesize
5.0MB
-
memory/4812-334-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/4812-333-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/4832-335-0x0000000008C60000-0x0000000008C73000-memory.dmpFilesize
76KB
-
memory/4884-225-0x0000000000000000-mapping.dmp
-
memory/4920-134-0x0000000000000000-mapping.dmp
-
memory/4936-233-0x0000000000000000-mapping.dmp
-
memory/4952-205-0x0000000000000000-mapping.dmp
-
memory/5056-234-0x0000000000000000-mapping.dmp
-
memory/5072-216-0x0000000000000000-mapping.dmp
-
memory/5096-192-0x0000000000000000-mapping.dmp
-
memory/5132-258-0x0000000000000000-mapping.dmp
-
memory/5136-325-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5136-326-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5172-332-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5172-331-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5268-350-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/5268-351-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/5588-328-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5588-327-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5804-353-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/5804-352-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/5828-329-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5828-330-0x00007FFBFE880000-0x00007FFBFF341000-memory.dmpFilesize
10.8MB
-
memory/5888-347-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
-
memory/5888-346-0x00007FFBFDF20000-0x00007FFBFE9E1000-memory.dmpFilesize
10.8MB
