Overview

overview

8

Static

static

TLauncher-....1.exe

windows10-1703-x64

8

Analysis

  • max time kernel
    148s
  • max time network
    151s
  • platform
    windows10-1703_x64
  • resource
    win10-20220901-en
  • resource tags

    arch:x64arch:x86image:win10-20220901-enlocale:en-usos:windows10-1703-x64system
  • submitted
    28-12-2022 01:22

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    TLauncher-2.86-Installer-1.0.1.exe

  • Size

    21.7MB

  • MD5

    f643be370cc9763a17f7746b1b6a0243

  • SHA1

    c65391f59a6e1421d783eaf43eb9661cfd476f82

  • SHA256

    5ab5f39d143b6ff77df2fd5026ac8e4788edfd3de27a4e1fa4b420a7d2f61d38

  • SHA512

    5ce377dc1a4a59723cf2b969c0cadb3197e5bf61d0064e2e8c94a0be9d4fd1cd9b33e05078a17e89f54b763e180be32ce14b46949a58ff47e5df18183291142f

  • SSDEEP

    393216:WXYwVCtYto0fs/dQETVlOBbpFEj9GZdqV56HpkbGCST7yuk9sLx:WowVCWTHExiTTqqHpMsV

Score
8/10
discoverypersistencespywarestealerupx

Malware Config

Signatures

  • Downloads MZ/PE file
  • Executes dropped EXE 64 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • UPX packed file 26 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 17 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 64 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Adds Run key to start application 2 TTPs 6 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops desktop.ini file(s) 1 IoCs
  • Enumerates connected drives 3 TTPs 3 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Program Files directory 12 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Checks SCSI registry key(s) 3 TTPs 4 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 5 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies registry class 45 IoCs
  • Modifies system certificate store 2 TTPs 16 IoCs
    evasionspywaretrojan
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 44 IoCs
  • Suspicious use of FindShellTrayWindow 3 IoCs
  • Suspicious use of SendNotifyMessage 2 IoCs
  • Suspicious use of SetWindowsHookEx 36 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe
    "C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4908
    • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1908426 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.86-Installer-1.0.1.exe" "__IRCT:3" "__IRTSS:22693301" "__IRSID:S-1-5-21-2368682536-4045190062-1465778271-1000"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3012
      • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
        "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:4408
        • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
          "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1814730 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1839152" "__IRSID:S-1-5-21-2368682536-4045190062-1465778271-1000"
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • Suspicious use of SetWindowsHookEx
          • Suspicious use of WriteProcessMemory
          PID:1244
          • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
            "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Enumerates connected drives
            • Modifies system certificate store
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4264
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2fc,0x300,0x304,0x2d8,0x308,0x6ee08658,0x6ee08668,0x6ee08674
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:4104
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Suspicious use of SetWindowsHookEx
              PID:4640
            • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
              "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4264 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20221228012315" --session-guid=bde5c8a0-e595-4f4c-9ce8-9ce07f055462 --server-tracking-blob=MGIzNmM1ZjY1YWM0Mjc3YzZkYjQyNGM2YTg4ZjQwYzBjMDZkODNjZjkwNDcxNGUwYWM4MjE2OWUyOTJmOWYwYTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzIxOTA1OTAuMTEwNyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiOTNiYjU3ZTItNDJjNC00MWE1LWFmOWQtZmExNWE1Y2MwMjBiIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=0805000000000000
              6⤵
              • Executes dropped EXE
              • Loads dropped DLL
              • Enumerates connected drives
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:1224
              • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x308,0x30c,0x310,0x2d8,0x314,0x6e3a8658,0x6e3a8668,0x6e3a8674
                7⤵
                • Executes dropped EXE
                • Loads dropped DLL
                • Suspicious use of SetWindowsHookEx
                PID:4196
              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe" --backend --initial-pid=4264 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151" --session-guid=bde5c8a0-e595-4f4c-9ce8-9ce07f055462 --server-tracking-blob=MGIzNmM1ZjY1YWM0Mjc3YzZkYjQyNGM2YTg4ZjQwYzBjMDZkODNjZjkwNDcxNGUwYWM4MjE2OWUyOTJmOWYwYTp7ImNvdW50cnkiOiJVUyIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzIxOTA1OTAuMTEwNyIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiOTNiYjU3ZTItNDJjNC00MWE1LWFmOWQtZmExNWE1Y2MwMjBiIn0= --silent --desktopshortcut=1 --install-subfolder=94.0.4606.38
                7⤵
                • Executes dropped EXE
                • Registers COM server for autorun
                • Checks computer location settings
                • Loads dropped DLL
                • Enumerates connected drives
                • Modifies registry class
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SetWindowsHookEx
                • Suspicious use of WriteProcessMemory
                PID:4432
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ffbf8e42c98,0x7ffbf8e42ca8,0x7ffbf8e42cb8
                  8⤵
                  • Executes dropped EXE
                  • Loads dropped DLL
                  • Suspicious use of SetWindowsHookEx
                  PID:3752
                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer_helper_64.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer_helper_64.exe" 1 "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\Opera Browser.lnk"
                  8⤵
                  • Executes dropped EXE
                  • Checks computer location settings
                  • Modifies registry class
                  • Suspicious use of SetWindowsHookEx
                  PID:1800
                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
                  8⤵
                  • Executes dropped EXE
                  • Adds Run key to start application
                  • Modifies Internet Explorer settings
                  • Suspicious use of SetWindowsHookEx
                  • Suspicious use of WriteProcessMemory
                  PID:2388
                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x260,0x264,0x268,0x23c,0x26c,0xc32dc0,0xc32dd0,0xc32ddc
                    9⤵
                    • Executes dropped EXE
                    • Suspicious use of SetWindowsHookEx
                    PID:4288
                • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
                  8⤵
                  • Executes dropped EXE
                  • Suspicious use of SetWindowsHookEx
                  PID:3172
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
                    9⤵
                    • Executes dropped EXE
                    • Loads dropped DLL
                    • Enumerates system info in registry
                    • Suspicious use of SetWindowsHookEx
                    PID:3684
                    • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe
                      C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0x7ffbee2ca490,0x7ffbee2ca4a0,0x7ffbee2ca4b0
                      10⤵
                      • Executes dropped EXE
                      • Suspicious use of SetWindowsHookEx
                      PID:4408
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1508 --field-trial-handle=1864,i,8902815959358434273,8958153715605654471,131072 /prefetch:2
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:4944
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1800 --field-trial-handle=1864,i,8902815959358434273,8958153715605654471,131072 /prefetch:8
                      10⤵
                      • Executes dropped EXE
                      • Loads dropped DLL
                      • Suspicious use of SetWindowsHookEx
                      PID:440
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\_sfx.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\_sfx.exe"
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              PID:504
            • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
              "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe" --version
              6⤵
              • Executes dropped EXE
              • Suspicious use of SetWindowsHookEx
              • Suspicious use of WriteProcessMemory
              PID:4068
              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2b4,0x2b8,0x2bc,0x290,0x2c0,0xc32dc0,0xc32dd0,0xc32ddc
                7⤵
                • Executes dropped EXE
                • Suspicious use of SetWindowsHookEx
                PID:4276
      • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
        "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:1244
        • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
          "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
          4⤵
          • Drops file in Program Files directory
          • Suspicious use of SetWindowsHookEx
          PID:4940
  • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of WriteProcessMemory
    PID:3820
    • C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      2⤵
      • Suspicious use of SetWindowsHookEx
      PID:688
  • C:\Windows\System32\GameBarPresenceWriter.exe
    "C:\Windows\System32\GameBarPresenceWriter.exe" -ServerName:Windows.Gaming.GameBar.Internal.PresenceWriterServer
    1⤵
      PID:1912
    • C:\Windows\System32\bcastdvr.exe
      "C:\Windows\System32\bcastdvr.exe" -ServerName:Windows.Media.Capture.Internal.BroadcastDVRServer
      1⤵
      • Drops desktop.ini file(s)
      PID:1748
    • C:\Windows\System32\GamePanel.exe
      "C:\Windows\System32\GamePanel.exe" 00000000000701AC /startuptips
      1⤵
      • Checks SCSI registry key(s)
      PID:1428
    • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
      1⤵
      • Executes dropped EXE
      • Suspicious use of WriteProcessMemory
      PID:820
      • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
        C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x14b2dc0,0x14b2dd0,0x14b2ddc
        2⤵
        • Executes dropped EXE
        PID:4840
      • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
        2⤵
        • Executes dropped EXE
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        • Suspicious use of WriteProcessMemory
        PID:1972
        • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
          3⤵
            PID:3268
          • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x290,0x294,0x298,0x228,0x29c,0x6d23f8,0x6d2408,0x6d2414
            3⤵
            • Executes dropped EXE
            PID:2464
            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
              4⤵
              • Executes dropped EXE
              PID:2176
            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
              4⤵
              • Executes dropped EXE
              PID:5708
            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
              4⤵
              • Executes dropped EXE
              PID:5752
          • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --stream
            3⤵
            • Executes dropped EXE
            PID:5832
      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
        1⤵
        • Executes dropped EXE
        • Checks computer location settings
        • Loads dropped DLL
        • Adds Run key to start application
        • Enumerates system info in registry
        • Modifies system certificate store
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4908
        • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe
          C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2ac,0x2b0,0x2b4,0x288,0x2b8,0x7ffbee2ca490,0x7ffbee2ca4a0,0x7ffbee2ca4b0
          2⤵
          • Executes dropped EXE
          PID:4468
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1612 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:2
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1404
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1828 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3152
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2112 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4388
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2696 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3772
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2708 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:4336
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2732 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3268
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2748 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:1172
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2760 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:3464
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2772 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2468
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3224 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:2736
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:3784
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4272 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:1856
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4316 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:5048
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4424 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:976
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4432 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:2364
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4944 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:5040
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=5260 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          • Loads dropped DLL
          PID:5104
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5520 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          • Loads dropped DLL
          PID:2732
        • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
          2⤵
          • Executes dropped EXE
          PID:5352
          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
            C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff620949b38,0x7ff620949b48,0x7ff620949b58
            3⤵
            • Executes dropped EXE
            PID:5388
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6456 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:1688
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5904 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
          • Executes dropped EXE
          PID:3012
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6480 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:5720
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5728 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:4248
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6492 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:5756
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --mojo-platform-channel-handle=6508 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
          2⤵
          • Executes dropped EXE
          • Checks computer location settings
          PID:5912
        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5792 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
          2⤵
            PID:6020
          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6548 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
            2⤵
              PID:6072
            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5992 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
              2⤵
                PID:4244
              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6504 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                2⤵
                  PID:1580
                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5996 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                  2⤵
                    PID:1424
                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6580 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                    2⤵
                      PID:4556
                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6604 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                      2⤵
                        PID:5328
                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6616 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                        2⤵
                          PID:3736
                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6628 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                          2⤵
                            PID:5404
                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6640 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                            2⤵
                              PID:5564
                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6004 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                              2⤵
                                PID:2272
                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6660 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                2⤵
                                  PID:820
                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6708 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                  2⤵
                                    PID:4768
                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6740 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                    2⤵
                                      PID:2924
                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6744 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                      2⤵
                                        PID:5932
                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6756 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                        2⤵
                                          PID:5076
                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=6816 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:1
                                          2⤵
                                          • Checks computer location settings
                                          PID:5900
                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6836 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                          2⤵
                                            PID:2728
                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6872 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                            2⤵
                                              PID:3980
                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6832 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                              2⤵
                                                PID:3760
                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6956 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                2⤵
                                                  PID:1328
                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6972 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                  2⤵
                                                    PID:4048
                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6876 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                    2⤵
                                                      PID:5296
                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9336 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                      2⤵
                                                        PID:3796
                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7028 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                        2⤵
                                                          PID:3780
                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5264 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                          2⤵
                                                            PID:4428
                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3804 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                            2⤵
                                                              PID:4260
                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3772 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                              2⤵
                                                                PID:1012
                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3148 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                2⤵
                                                                  PID:3752
                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2724 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                  2⤵
                                                                    PID:5644
                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9056 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                    2⤵
                                                                      PID:1244
                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9088 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                      2⤵
                                                                        PID:6024
                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9072 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                        2⤵
                                                                          PID:4432
                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:cashback=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:startpage-sync-banner-ref=on --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7456 --field-trial-handle=1716,i,15434357634142763155,10381320261951287097,131072 /prefetch:8
                                                                          2⤵
                                                                            PID:5636
                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
                                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe" --edition --host=https://autoupdate.geo.opera.com/ --installationdatadir="C:\Users\Admin\AppData\Local\Programs\Opera" --installdir="C:\Users\Admin\AppData\Local\Programs\Opera" --lang=en-US --pipeid --producttype --requesttype=shutdown --version=94.0.4606.38 --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --firstrunver=94.0.4606.38 --firstrunts=1672190679 --consent-info=eyJzdGF0aXN0aWNzX2NvbGxlY3Rpb25fZW5hYmxlZCI6dHJ1ZSwidXNlcl9leHBlcmllbmNlX21ldHJpY3NfcmVwb3J0aW5nX2VuYWJsZWQiOnRydWV9
                                                                            2⤵
                                                                              PID:4512
                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
                                                                                C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff620949b38,0x7ff620949b48,0x7ff620949b58
                                                                                3⤵
                                                                                  PID:2924
                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
                                                                              C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.38 --newautoupdaterlogic
                                                                              1⤵
                                                                              • Executes dropped EXE
                                                                              PID:5364
                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                                                                "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                PID:5628
                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
                                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
                                                                                2⤵
                                                                                • Executes dropped EXE
                                                                                PID:5652
                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe
                                                                                  C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff620949b38,0x7ff620949b48,0x7ff620949b58
                                                                                  3⤵
                                                                                  • Executes dropped EXE
                                                                                  PID:5680
                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
                                                                                  "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
                                                                                  3⤵
                                                                                    PID:6004
                                                                              • C:\Windows\system32\wbem\unsecapp.exe
                                                                                C:\Windows\system32\wbem\unsecapp.exe -Embedding
                                                                                1⤵
                                                                                  PID:5964

                                                                                Network

                                                                                MITRE ATT&CK Enterprise v6

                                                                                Replay Monitor

                                                                                Loading Replay Monitor...

                                                                                Downloads

                                                                                • C:\Users\Admin\.oracle_jre_usage\90737d32e3aba4b.timestamp
                                                                                  Filesize

                                                                                  50B

                                                                                  MD5

                                                                                  742ffd0189f17d23d0aa53639c91264f

                                                                                  SHA1

                                                                                  79ba14b1b367ea25c9a949bfc2c8e51b7f76256e

                                                                                  SHA256

                                                                                  f2fdca1b75693271901a0bacfe50008d4a380dba95c48955d61c6848c0bbc852

                                                                                  SHA512

                                                                                  b46995f9d36640e7d9e98073d471818c845b1abacc4d4128aa4d4342aeee3f6fd1c56508495f75c0d9a9b650aaf8111f703f20a3d2527485f0a154686ab377e8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                  Filesize

                                                                                  471B

                                                                                  MD5

                                                                                  da5a9f149955d936a31dc5e456666aac

                                                                                  SHA1

                                                                                  195238d41c1e13448f349f43bb295ef2d55cb47a

                                                                                  SHA256

                                                                                  79ac574c7c45144bb35b59ff79c78dc59b66592715dea01b389e3620db663224

                                                                                  SHA512

                                                                                  60d7d1f5405470ba1e6b80066af2e78240acbea8db58b5a03660874605178aebaa9ce342ca97f17798109e7411e82466db5af064e39eaddc05410f2abe672f77

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_E038F53AB7923C2338B10205E774351A
                                                                                  Filesize

                                                                                  727B

                                                                                  MD5

                                                                                  8dc33f73103b71cfd0d2dda13f8d1a32

                                                                                  SHA1

                                                                                  dd4122c2f5ccce2cd4e68d28ec071e5d67431b88

                                                                                  SHA256

                                                                                  72afe1d8a87f72a9e097b7c25032b00d661635bedff4292589db21a53e921e05

                                                                                  SHA512

                                                                                  8cb9dc24df69de3d23afa6f488d2730afd95d705974e4feca6339e7080871b1e3b95c60258c5716155472da1735c65c0b152ade9aec4a2981900e0353b4c2203

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
                                                                                  Filesize

                                                                                  471B

                                                                                  MD5

                                                                                  3644127eb43499729c0f4e9cc43b9893

                                                                                  SHA1

                                                                                  678b8fd186a7529e87cfd16ac8416a5bd9618b57

                                                                                  SHA256

                                                                                  cf805d516e1dd8f2dcec66b01af1b1ae47b7c1175275b6ca0e6935842fa50f6a

                                                                                  SHA512

                                                                                  6c771c2c1f37979cd64c0a5576d730060940826d068cf5d284ee1a38d8257263116d3ab4254465f69d0759e99da007582d10272d526fd1e20af6b488622856ed

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                  Filesize

                                                                                  727B

                                                                                  MD5

                                                                                  ddaabfaeb5297284372f878514b35e01

                                                                                  SHA1

                                                                                  ebc6206a3396ec69635c289ab7dad4fb4715afd7

                                                                                  SHA256

                                                                                  d1b21e9ad22843f78e6f82422505f8396c06416a919bf97bf61383a44690be14

                                                                                  SHA512

                                                                                  24383dc912ec843f686751c3f3ec21d4c52396fbddd255e4990afbfd41c69057c73c580deb792769d766e5aff16c5ad4dbbc8e88a2972f85902dc661a5e41abf

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
                                                                                  Filesize

                                                                                  430B

                                                                                  MD5

                                                                                  c7474a495c56bf129ac045d71c48f5a7

                                                                                  SHA1

                                                                                  340cdd4b53b31ff6197ee83d4c99d070f9ca25fb

                                                                                  SHA256

                                                                                  247453e1a154715219ebd46dfa517746bdfac7400e8b196e8b58c9b7da18eaec

                                                                                  SHA512

                                                                                  fb9344c7f011f6ff2c34e8c334ad784e30330ae0305d16eb8e1873ba50fe6be18e1339d9482f40caf3e4f8f4a887c3c674bd8992405ea5fce4fa619e55e791f2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_E038F53AB7923C2338B10205E774351A
                                                                                  Filesize

                                                                                  434B

                                                                                  MD5

                                                                                  31c6df6997922253359b51556cb7a4bc

                                                                                  SHA1

                                                                                  c0078acd8bf0ed17d137c9b10381322e037617cb

                                                                                  SHA256

                                                                                  4673ab0cc4fbb7b6e680e6031f87e9b872e260cae909d670dffc8753c8a8ce15

                                                                                  SHA512

                                                                                  1b4a2c985fe31aff511f46a6bd43e933285ea1724979cd9f2fd8d8af0179dba18d525dfe50174f0fba7e6128ee3272343ddf8551813c4d281f5cc1ed5ba33737

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
                                                                                  Filesize

                                                                                  434B

                                                                                  MD5

                                                                                  0e47ae14b622e952e4ac7f98923c06f5

                                                                                  SHA1

                                                                                  c46b435e294474087caeb61faffac44c1ecb2d63

                                                                                  SHA256

                                                                                  8c06a6e284a9d8a74cc3a4cc07613126a1062df7e9c3c3486b29ba95b14dcc89

                                                                                  SHA512

                                                                                  d4ed9de706b5be167817dbf0fac97bea07439a4052cca88b715b6c5e3bd07132b0d61a75eda48283493ae8cb23671903868546e5f16d634d8861c5229e7dadf8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
                                                                                  Filesize

                                                                                  442B

                                                                                  MD5

                                                                                  adde878b96d8c4f4509ef0e3d42dc2b5

                                                                                  SHA1

                                                                                  d2d005447e316ddbe0c5c157f0eb9ed7c01777e9

                                                                                  SHA256

                                                                                  2ac1e6ab08c36ef2e4d5e423f7dd6f89763d9da582a5f80614061938b474390d

                                                                                  SHA512

                                                                                  e163f54268d6fb5e07bb5b53dbe87f0c5254dd2b2d01713b9829d874bf60f2e8a9dacbfa88bc164820eed58ed0e4f5bd54ea3beeb62811ef0e88cd600877a9f0

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                                                                                  Filesize

                                                                                  6.0MB

                                                                                  MD5

                                                                                  36bc69561fddfab76d793b276624c978

                                                                                  SHA1

                                                                                  f106229ace438e865ca631c22d4296180c61d8df

                                                                                  SHA256

                                                                                  daa18c3cceb8cda01a0109d32c87f75ddd9634f40c40a5fa3132b259a23a7c8f

                                                                                  SHA512

                                                                                  372294dd165c54dc6807816da75e28dd51ca13d00d56c8da6d40e2c421b63e035cb7008d47a2e45a8dd3d5b6e7fc2c0286cc0473442fe686b40181d947dd869d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer.exe
                                                                                  Filesize

                                                                                  6.0MB

                                                                                  MD5

                                                                                  36bc69561fddfab76d793b276624c978

                                                                                  SHA1

                                                                                  f106229ace438e865ca631c22d4296180c61d8df

                                                                                  SHA256

                                                                                  daa18c3cceb8cda01a0109d32c87f75ddd9634f40c40a5fa3132b259a23a7c8f

                                                                                  SHA512

                                                                                  372294dd165c54dc6807816da75e28dd51ca13d00d56c8da6d40e2c421b63e035cb7008d47a2e45a8dd3d5b6e7fc2c0286cc0473442fe686b40181d947dd869d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.38\installer_helper_64.exe
                                                                                  Filesize

                                                                                  1.1MB

                                                                                  MD5

                                                                                  518485e6073f6aeca22968bc85e2ed54

                                                                                  SHA1

                                                                                  8286f1e516e144edf299bdd3975ceea2b81f3fe2

                                                                                  SHA256

                                                                                  6b13e9359a355e70d0bb4232e5d1ffc32767b3bc6035b33da237ae397b27d3a4

                                                                                  SHA512

                                                                                  b0885709168403c1977928cb141bf2507bf1e760e27b8a85cd48860839ad1320bf8ab6b6726961860239b5f2bb4c7b7fb22c5bf00caf479f23de397af31134e8

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\Opera Browser.lnk
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  2fb2a0d6b74e26ff4e9269b5b30c5981

                                                                                  SHA1

                                                                                  d950c3d18e283a6f8438464023e2e971e7a0ea0a

                                                                                  SHA256

                                                                                  8634094c2edfed221f399fe2aa6e61721dcf241aa9ce48747bc34d0b0d8d49a2

                                                                                  SHA512

                                                                                  6b20c58647d42ca1675621462cfd1272bd504f0db6b4cf565d278b78e4c5db1e3ac99761113cb3326cc21b976803cc9a15fdbe57bb450e4e02057d5dfd830861

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\_sfx.exe
                                                                                  Filesize

                                                                                  1.7MB

                                                                                  MD5

                                                                                  0238df215bf6943892daf85de8ad433a

                                                                                  SHA1

                                                                                  3d905e4e2c0e9170df61b7a199321847691f945e

                                                                                  SHA256

                                                                                  a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

                                                                                  SHA512

                                                                                  fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\_sfx.exe
                                                                                  Filesize

                                                                                  1.7MB

                                                                                  MD5

                                                                                  0238df215bf6943892daf85de8ad433a

                                                                                  SHA1

                                                                                  3d905e4e2c0e9170df61b7a199321847691f945e

                                                                                  SHA256

                                                                                  a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

                                                                                  SHA512

                                                                                  fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  9df6e2fbb7e38964f35016bf91ef7424

                                                                                  SHA1

                                                                                  d0c1266dc46814bc6165cf6a69e90581228989a7

                                                                                  SHA256

                                                                                  3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

                                                                                  SHA512

                                                                                  b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  9df6e2fbb7e38964f35016bf91ef7424

                                                                                  SHA1

                                                                                  d0c1266dc46814bc6165cf6a69e90581228989a7

                                                                                  SHA256

                                                                                  3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

                                                                                  SHA512

                                                                                  b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  9df6e2fbb7e38964f35016bf91ef7424

                                                                                  SHA1

                                                                                  d0c1266dc46814bc6165cf6a69e90581228989a7

                                                                                  SHA256

                                                                                  3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

                                                                                  SHA512

                                                                                  b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  9df6e2fbb7e38964f35016bf91ef7424

                                                                                  SHA1

                                                                                  d0c1266dc46814bc6165cf6a69e90581228989a7

                                                                                  SHA256

                                                                                  3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

                                                                                  SHA512

                                                                                  b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\assistant\assistant_installer.exe
                                                                                  Filesize

                                                                                  2.1MB

                                                                                  MD5

                                                                                  9df6e2fbb7e38964f35016bf91ef7424

                                                                                  SHA1

                                                                                  d0c1266dc46814bc6165cf6a69e90581228989a7

                                                                                  SHA256

                                                                                  3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

                                                                                  SHA512

                                                                                  b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\extra_apps
                                                                                  Filesize

                                                                                  21B

                                                                                  MD5

                                                                                  922927f22ef5189300db689f0c9ef022

                                                                                  SHA1

                                                                                  359ab18960786773969268aa8920ed284c136da0

                                                                                  SHA256

                                                                                  7fff1ae3a38aceed8de26fe3de3c43fdc2526210c3f225557ee3c8411175882d

                                                                                  SHA512

                                                                                  015b3384cf3cf62caccd1f1b6db04298bbe2e72dde2618ad66f151effd3bfe8b062f24aa99e6f0acba57120e43b811cf782860fad5ff46b391cc57a006c39ffb

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\installer_prefs_include.json
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  feac0a562822428d4ec8473088c94a9e

                                                                                  SHA1

                                                                                  439fda2a17ffeef35c3247973131f9fa64d0d24a

                                                                                  SHA256

                                                                                  5ddec210dfbff227e773316388c0b58b1de0c50247d0acf94957ad26c1c65abf

                                                                                  SHA512

                                                                                  98e5179d85423b65696bb070254ae331d3bd1ee8eff15a1e3d74f7eb0025b3459d6affd148894aa9557b7968497208e337c116205577603d2dfdf009063f44b1

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\installer_prefs_include.json.backup
                                                                                  Filesize

                                                                                  1KB

                                                                                  MD5

                                                                                  feac0a562822428d4ec8473088c94a9e

                                                                                  SHA1

                                                                                  439fda2a17ffeef35c3247973131f9fa64d0d24a

                                                                                  SHA256

                                                                                  5ddec210dfbff227e773316388c0b58b1de0c50247d0acf94957ad26c1c65abf

                                                                                  SHA512

                                                                                  98e5179d85423b65696bb070254ae331d3bd1ee8eff15a1e3d74f7eb0025b3459d6affd148894aa9557b7968497208e337c116205577603d2dfdf009063f44b1

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\opera_package
                                                                                  Filesize

                                                                                  86.7MB

                                                                                  MD5

                                                                                  31a143013d5b31bf0a19c39ebb26fd93

                                                                                  SHA1

                                                                                  8a9a106585b4de6587c2e5dca51c3e390764d0c4

                                                                                  SHA256

                                                                                  4a38cc4fb9f71279e966d17c64d3d8bf03d61922241d9bd69edf52baac7fad66

                                                                                  SHA512

                                                                                  c06ae3db4711eecc177c8eabf7c91c585224387f301c092558e1efad94dd1f42b80adb04e5b5c4280e9df512ab90e755afd16b9a6f6804834a492dea9b29a41d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202212280123151\pref_default_overrides
                                                                                  Filesize

                                                                                  57B

                                                                                  MD5

                                                                                  f488c9f9d9d5e631484d4bf155f45442

                                                                                  SHA1

                                                                                  0f0e624770e47bea5186748a9de85c677dd84fa7

                                                                                  SHA256

                                                                                  e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

                                                                                  SHA512

                                                                                  d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                                  Filesize

                                                                                  1.8MB

                                                                                  MD5

                                                                                  f8996d2158a69a12b4bc99edd28100bc

                                                                                  SHA1

                                                                                  892887691df881fe432e09b618e90f50447340e6

                                                                                  SHA256

                                                                                  866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                                  SHA512

                                                                                  d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
                                                                                  Filesize

                                                                                  1.8MB

                                                                                  MD5

                                                                                  f8996d2158a69a12b4bc99edd28100bc

                                                                                  SHA1

                                                                                  892887691df881fe432e09b618e90f50447340e6

                                                                                  SHA256

                                                                                  866836c68a3c7b313fa6a0ab6d7b9d74112ca07e4709487951ff572938eff547

                                                                                  SHA512

                                                                                  d6856d91ded75901a4af914e66bcdd904a51a2aba24e4762a2986f9a5f4b42f5b758b91c37ee5c9783c5797f19026e7f31e73d0e063f71bf5df8355a3213dd44

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                                  Filesize

                                                                                  1.3MB

                                                                                  MD5

                                                                                  1313bb5df6c6e0d5c358735044fbebef

                                                                                  SHA1

                                                                                  cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                                  SHA256

                                                                                  7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                                  SHA512

                                                                                  596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
                                                                                  Filesize

                                                                                  1.3MB

                                                                                  MD5

                                                                                  1313bb5df6c6e0d5c358735044fbebef

                                                                                  SHA1

                                                                                  cac3e2e3ed63dc147318e18f202a9da849830a91

                                                                                  SHA256

                                                                                  7590d0f21687327812a6c61d0429c6df1345b97c53ad7115f03bd4cb2e4f4c8d

                                                                                  SHA512

                                                                                  596d877b3906f877f124d705933391478ed425ad860ca5341493f04050c4605fc8e9a1c890859105da1b6817da5e874e0afaabbc86a80597f296e642795fc33c

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
                                                                                  Filesize

                                                                                  326KB

                                                                                  MD5

                                                                                  80d93d38badecdd2b134fe4699721223

                                                                                  SHA1

                                                                                  e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                                  SHA256

                                                                                  c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                                  SHA512

                                                                                  9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                                  Filesize

                                                                                  1.3MB

                                                                                  MD5

                                                                                  e7bbc7b426cee4b8027a00b11f06ef34

                                                                                  SHA1

                                                                                  926fad387ede328d3cfd9da80d0b303a865cca98

                                                                                  SHA256

                                                                                  e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                                  SHA512

                                                                                  f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
                                                                                  Filesize

                                                                                  1.3MB

                                                                                  MD5

                                                                                  e7bbc7b426cee4b8027a00b11f06ef34

                                                                                  SHA1

                                                                                  926fad387ede328d3cfd9da80d0b303a865cca98

                                                                                  SHA256

                                                                                  e7a43c6f10e3e65b8462b6d67c91c628db5402d3209f549e90998c875cf21538

                                                                                  SHA512

                                                                                  f08b4833c1dcb9c2b0f8c90e092275795fda3c20aaec6590504c20a93cb6d50b8ce11301bc3a42d9417c78ddb25a5e991fad688c39d1dede3fce0b67f3e13e70

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
                                                                                  Filesize

                                                                                  326KB

                                                                                  MD5

                                                                                  80d93d38badecdd2b134fe4699721223

                                                                                  SHA1

                                                                                  e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                                  SHA256

                                                                                  c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                                  SHA512

                                                                                  9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
                                                                                  Filesize

                                                                                  2.7MB

                                                                                  MD5

                                                                                  4d1d191d66521eec37ddb915fb5f5765

                                                                                  SHA1

                                                                                  520f8968ac666327aac6ee6db41791bc6214b1eb

                                                                                  SHA256

                                                                                  0d81da22d05f174685c8dda1c50b827f2a7870b56a70302e48c84c7e31edc6f6

                                                                                  SHA512

                                                                                  88fefa76a7ed2e638999ac3e8c873a3ed93a70142d385cbd002fb3b597a1a2e846ffc0cb7d1d9882e3ad0827bc534617f00edeaed6b9adf813cffc3cfb49bb6d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
                                                                                  Filesize

                                                                                  647B

                                                                                  MD5

                                                                                  a1a319fa2e9a3ee8bc96175eb9bd1095

                                                                                  SHA1

                                                                                  bfe0c6d53eeca343532f2ee8af0e5c802e2b32fc

                                                                                  SHA256

                                                                                  3fd032449550487c4c7251ad74601657740bd8da397f8cd0b6d97ffe35bb3085

                                                                                  SHA512

                                                                                  24f35c78415efe192b9af593d402e762d072cfd9c27fa89d72a58220c55010938689292c1bdda4a9969e47058118a2cd0efb92cee40fbc826baeecf9605eb437

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                                                                                  Filesize

                                                                                  5.2MB

                                                                                  MD5

                                                                                  58e22c0ee91280156cdaadacac7acddb

                                                                                  SHA1

                                                                                  189c552c94a9b0ae0208763bca77f2801debc224

                                                                                  SHA256

                                                                                  765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

                                                                                  SHA512

                                                                                  9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                                                                                  Filesize

                                                                                  5.2MB

                                                                                  MD5

                                                                                  58e22c0ee91280156cdaadacac7acddb

                                                                                  SHA1

                                                                                  189c552c94a9b0ae0208763bca77f2801debc224

                                                                                  SHA256

                                                                                  765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

                                                                                  SHA512

                                                                                  9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
                                                                                  Filesize

                                                                                  5.2MB

                                                                                  MD5

                                                                                  58e22c0ee91280156cdaadacac7acddb

                                                                                  SHA1

                                                                                  189c552c94a9b0ae0208763bca77f2801debc224

                                                                                  SHA256

                                                                                  765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

                                                                                  SHA512

                                                                                  9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\.tlauncher\doubleRunningProtection.txt
                                                                                  Filesize

                                                                                  13B

                                                                                  MD5

                                                                                  026feeaccf85a05988546765bb23e0c2

                                                                                  SHA1

                                                                                  a35b34af6ce5706dcc9736636ba21dc5cc31b75a

                                                                                  SHA256

                                                                                  b088d7f73edcf0c37ae6cc5e95478d933548759dc286aa4e8d280444c1c09238

                                                                                  SHA512

                                                                                  e9d7f5c7762cfa5067f29bd518e464fd517847eeff685896dca56e8ffb554da32649826bb9ef54d4e36e28ab793a131f2d10832e90f622333e1007ddc422a38d

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  6f4a102db2baeadd2f55d031afc7d84e

                                                                                  SHA1

                                                                                  c89d46a8be224c849e32229c15080f3483cdb55e

                                                                                  SHA256

                                                                                  b0bdd01fcbe7f4e9fb7e8bf1aa232939d5cf8b5bea1c547899efc768c2d2d8ae

                                                                                  SHA512

                                                                                  44a742f56e7c53dedd31fa9029d48058e031ef1c8f0a89c1e69993a71e08c91f0e34bd2e4993ed04aa147f8078426c7539c30c2b2d22b118bc59df1ef0bd07d2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  6f4a102db2baeadd2f55d031afc7d84e

                                                                                  SHA1

                                                                                  c89d46a8be224c849e32229c15080f3483cdb55e

                                                                                  SHA256

                                                                                  b0bdd01fcbe7f4e9fb7e8bf1aa232939d5cf8b5bea1c547899efc768c2d2d8ae

                                                                                  SHA512

                                                                                  44a742f56e7c53dedd31fa9029d48058e031ef1c8f0a89c1e69993a71e08c91f0e34bd2e4993ed04aa147f8078426c7539c30c2b2d22b118bc59df1ef0bd07d2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  6f4a102db2baeadd2f55d031afc7d84e

                                                                                  SHA1

                                                                                  c89d46a8be224c849e32229c15080f3483cdb55e

                                                                                  SHA256

                                                                                  b0bdd01fcbe7f4e9fb7e8bf1aa232939d5cf8b5bea1c547899efc768c2d2d8ae

                                                                                  SHA512

                                                                                  44a742f56e7c53dedd31fa9029d48058e031ef1c8f0a89c1e69993a71e08c91f0e34bd2e4993ed04aa147f8078426c7539c30c2b2d22b118bc59df1ef0bd07d2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                  Filesize

                                                                                  40B

                                                                                  MD5

                                                                                  6f4a102db2baeadd2f55d031afc7d84e

                                                                                  SHA1

                                                                                  c89d46a8be224c849e32229c15080f3483cdb55e

                                                                                  SHA256

                                                                                  b0bdd01fcbe7f4e9fb7e8bf1aa232939d5cf8b5bea1c547899efc768c2d2d8ae

                                                                                  SHA512

                                                                                  44a742f56e7c53dedd31fa9029d48058e031ef1c8f0a89c1e69993a71e08c91f0e34bd2e4993ed04aa147f8078426c7539c30c2b2d22b118bc59df1ef0bd07d2

                                                                                  Download Submit

                                                                                • C:\Users\Admin\Videos\Captures\desktop.ini
                                                                                  Filesize

                                                                                  190B

                                                                                  MD5

                                                                                  b0d27eaec71f1cd73b015f5ceeb15f9d

                                                                                  SHA1

                                                                                  62264f8b5c2f5034a1e4143df6e8c787165fbc2f

                                                                                  SHA256

                                                                                  86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

                                                                                  SHA512

                                                                                  7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280123109374264.dll
                                                                                  Filesize

                                                                                  4.3MB

                                                                                  MD5

                                                                                  09ce9fd443ba9fb4c7ac6cf5c2b1ae53

                                                                                  SHA1

                                                                                  029a9ab9c36da0756441d8346cbfece76e3820d5

                                                                                  SHA256

                                                                                  ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

                                                                                  SHA512

                                                                                  a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280123128284104.dll
                                                                                  Filesize

                                                                                  4.3MB

                                                                                  MD5

                                                                                  09ce9fd443ba9fb4c7ac6cf5c2b1ae53

                                                                                  SHA1

                                                                                  029a9ab9c36da0756441d8346cbfece76e3820d5

                                                                                  SHA256

                                                                                  ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

                                                                                  SHA512

                                                                                  a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280123147034640.dll
                                                                                  Filesize

                                                                                  4.3MB

                                                                                  MD5

                                                                                  09ce9fd443ba9fb4c7ac6cf5c2b1ae53

                                                                                  SHA1

                                                                                  029a9ab9c36da0756441d8346cbfece76e3820d5

                                                                                  SHA256

                                                                                  ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

                                                                                  SHA512

                                                                                  a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280123172181224.dll
                                                                                  Filesize

                                                                                  4.3MB

                                                                                  MD5

                                                                                  09ce9fd443ba9fb4c7ac6cf5c2b1ae53

                                                                                  SHA1

                                                                                  029a9ab9c36da0756441d8346cbfece76e3820d5

                                                                                  SHA256

                                                                                  ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

                                                                                  SHA512

                                                                                  a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280123274374196.dll
                                                                                  Filesize

                                                                                  4.3MB

                                                                                  MD5

                                                                                  09ce9fd443ba9fb4c7ac6cf5c2b1ae53

                                                                                  SHA1

                                                                                  029a9ab9c36da0756441d8346cbfece76e3820d5

                                                                                  SHA256

                                                                                  ceeb8dd897035807425e9d24d0d2b71d65dccf7d8f834b777a587ba697655581

                                                                                  SHA512

                                                                                  a3aafe2e6cf719b086759989229011ccc078c46bc456fb5a50c3b701cc5f4f8b16a4984b7dca6e51688d31a3ff40443cc80cce10a90a27c9eb5a40799900a893

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280124295524432.dll
                                                                                  Filesize

                                                                                  5.3MB

                                                                                  MD5

                                                                                  ae1417436f5f6eea32d8fcef592ccd72

                                                                                  SHA1

                                                                                  e95e3020cdf633d7368372712b4ea719ff12737d

                                                                                  SHA256

                                                                                  f63cb5ab2f5c81ac80d5647889ef7af971c2fed5a3bba6169c2b521b122d7ea0

                                                                                  SHA512

                                                                                  6d2f294783c3e03d1a196de941d38686d30b56e2d8fb6c5ccc7f6d9d676c91e7f1f695d5c2c267cb4439c4f5c81b98117c26ff5d6f41a3dade8123dde2bb9030

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\Opera_installer_2212280124298023752.dll
                                                                                  Filesize

                                                                                  5.3MB

                                                                                  MD5

                                                                                  ae1417436f5f6eea32d8fcef592ccd72

                                                                                  SHA1

                                                                                  e95e3020cdf633d7368372712b4ea719ff12737d

                                                                                  SHA256

                                                                                  f63cb5ab2f5c81ac80d5647889ef7af971c2fed5a3bba6169c2b521b122d7ea0

                                                                                  SHA512

                                                                                  6d2f294783c3e03d1a196de941d38686d30b56e2d8fb6c5ccc7f6d9d676c91e7f1f695d5c2c267cb4439c4f5c81b98117c26ff5d6f41a3dade8123dde2bb9030

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
                                                                                  Filesize

                                                                                  1.7MB

                                                                                  MD5

                                                                                  1bbf5dd0b6ca80e4c7c77495c3f33083

                                                                                  SHA1

                                                                                  e0520037e60eb641ec04d1e814394c9da0a6a862

                                                                                  SHA256

                                                                                  bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

                                                                                  SHA512

                                                                                  97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
                                                                                  Filesize

                                                                                  97KB

                                                                                  MD5

                                                                                  da1d0cd400e0b6ad6415fd4d90f69666

                                                                                  SHA1

                                                                                  de9083d2902906cacf57259cf581b1466400b799

                                                                                  SHA256

                                                                                  7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

                                                                                  SHA512

                                                                                  f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
                                                                                  Filesize

                                                                                  326KB

                                                                                  MD5

                                                                                  80d93d38badecdd2b134fe4699721223

                                                                                  SHA1

                                                                                  e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                                  SHA256

                                                                                  c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                                  SHA512

                                                                                  9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                                  Download Submit

                                                                                • \Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
                                                                                  Filesize

                                                                                  326KB

                                                                                  MD5

                                                                                  80d93d38badecdd2b134fe4699721223

                                                                                  SHA1

                                                                                  e829e58091bae93bc64e0c6f9f0bac999cfda23d

                                                                                  SHA256

                                                                                  c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

                                                                                  SHA512

                                                                                  9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

                                                                                  Download Submit

                                                                                • memory/440-1482-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/504-935-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/688-1065-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-1017-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-1095-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-934-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/688-1047-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-1029-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-963-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/688-1084-0x0000000002DF0000-0x0000000003DF0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/976-1559-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1172-1519-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1224-686-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1224-875-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/1224-1702-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/1244-510-0x0000000000980000-0x0000000000D68000-memory.dmp

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  Download

                                                                                • memory/1244-362-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1244-367-0x0000000000980000-0x0000000000D68000-memory.dmp

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  Download

                                                                                • memory/1244-822-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1404-1495-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1688-1746-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1800-1156-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1856-1552-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/1972-1365-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2176-1477-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2364-1563-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2388-1170-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2464-1421-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2468-1527-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2732-1589-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/2736-1531-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3012-185-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-173-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-302-0x0000000005A10000-0x0000000006A13000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/3012-297-0x0000000000F90000-0x0000000001378000-memory.dmp

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  Download

                                                                                • memory/3012-177-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-175-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-178-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-268-0x0000000005A10000-0x0000000006A13000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/3012-174-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-885-0x0000000000F90000-0x0000000001378000-memory.dmp

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  Download

                                                                                • memory/3012-179-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-171-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3012-264-0x0000000010000000-0x0000000010051000-memory.dmp

                                                                                  Filesize

                                                                                  324KB

                                                                                  Download

                                                                                • memory/3012-176-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-187-0x0000000000F90000-0x0000000001378000-memory.dmp

                                                                                  Filesize

                                                                                  3.9MB

                                                                                  Download

                                                                                • memory/3012-186-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-1741-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3012-184-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-183-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-181-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3012-182-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/3152-1496-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3172-1428-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3268-1415-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3268-1515-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3464-1523-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3684-1441-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3752-1150-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3772-1508-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/3784-1535-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4068-1009-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4104-1737-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4104-795-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4104-534-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4196-769-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4196-1738-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4196-1135-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4248-1740-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4264-465-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4264-764-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4264-483-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4264-1700-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4276-1085-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4288-1217-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4336-1511-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4388-1502-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4408-1463-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4408-308-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4432-1147-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4468-1491-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4640-685-0x0000000000400000-0x000000000090C000-memory.dmp

                                                                                  Filesize

                                                                                  5.0MB

                                                                                  Download

                                                                                • memory/4640-597-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4840-1318-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4908-122-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-143-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-154-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-139-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-137-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-136-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-135-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-134-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-150-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-133-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-132-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-131-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-130-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-129-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-128-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-127-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-126-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-125-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-124-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-123-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-156-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-149-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-141-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-121-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-140-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-155-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-157-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-158-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-142-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-159-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-120-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-160-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-148-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-161-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-153-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-152-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-162-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-138-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-151-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-144-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-163-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-170-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-164-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-145-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-165-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-147-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-166-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-169-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-146-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-167-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4908-168-0x0000000077BB0000-0x0000000077D3E000-memory.dmp

                                                                                  Filesize

                                                                                  1.6MB

                                                                                  Download

                                                                                • memory/4940-975-0x00000000023D0000-0x00000000033D0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/4940-1146-0x00000000023D0000-0x00000000033D0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/4940-882-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/4940-993-0x00000000023D0000-0x00000000033D0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/4940-888-0x00000000023D0000-0x00000000033D0000-memory.dmp

                                                                                  Filesize

                                                                                  16.0MB

                                                                                  Download

                                                                                • memory/4944-1481-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5040-1571-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5048-1556-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5104-1579-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5352-1615-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5388-1618-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5628-1623-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5652-1624-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5680-1627-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5708-1630-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5720-1751-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5752-1633-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5756-1759-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5832-1640-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/5912-1767-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/6020-1774-0x0000000000000000-mapping.dmp

                                                                                  Download

                                                                                • memory/6072-1784-0x0000000000000000-mapping.dmp

                                                                                  Download