7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3

Analysis

max time kernel
206s
max time network
213s
platform
windows10-2004_x64
resource
win10v2004-20221111-en
resource tags

arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
submitted
10/02/2023, 23:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.871-Installer-1.0.6.exe
Size

23.7MB
MD5

49fb0f13cdb8d7cad1487889b6becced
SHA1

b71d98ec45e6f7314f0e33106485beef99b2ee7c
SHA256

7e49e00be1992fbc4ac14f2e5e3c05dccadf8fba3c3936357d8df7f146f5f0a3
SHA512

639fa23294556bf77080d420e7e1b5b7c07a8b1e93897c36a4f8e398c1c58de9b91636420102e68f6957c768793797728664e32dc38aa68315746882b4ebe1d9
SSDEEP

393216:XX921sp/n85Pfs/dQETVlOBbpFEj9GZ1GphRqV56Hpk7IXOzDnKI17fyV5:XN8s18hHExiTI3qqHp6zvKcfyV5

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 18 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	TLauncher-2.871-Installer-1.0.6.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera_autoupdate.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Control Panel\International\Geo\Nation	opera.exe

Executes dropped EXE 64 IoCs

pid	Process
1660	irsetup.exe
696	AdditionalExecuteTL.exe
4008	irsetup.exe
1704	opera-installer-bro.exe
4820	opera-installer-bro.exe
4588	opera-installer-bro.exe
3036	opera-installer-bro.exe
4052	opera-installer-bro.exe
3908	TLauncher.exe
4528	_sfx.exe
532	assistant_installer.exe
2128	assistant_installer.exe
4548	installer.exe
4520	installer.exe
4332	launcher.exe
1448	opera.exe
2760	opera_crashreporter.exe
3816	opera.exe
2732	opera.exe
2768	opera.exe
4116	opera_crashreporter.exe
5132	opera.exe
5200	opera.exe
5216	opera.exe
5300	opera.exe
5376	opera.exe
5440	opera.exe
5480	opera.exe
5528	opera.exe
5568	opera.exe
5632	opera.exe
5712	opera_autoupdate.exe
5884	opera.exe
5908	opera.exe
5976	opera.exe
6084	opera.exe
6112	opera.exe
5284	opera.exe
4836	opera.exe
3940	opera.exe
4784	opera.exe
1820	opera_autoupdate.exe
1272	opera.exe
4668	opera.exe
4684	opera_autoupdate.exe
5860	opera.exe
4768	opera.exe
5616	opera.exe
3896	opera.exe
5660	opera.exe
3504	opera.exe
1660	opera.exe
5780	opera.exe
5380	opera.exe
2128	launcher.exe
5580	opera.exe
5656	opera.exe
6016	opera.exe
5568	opera.exe
1240	opera.exe
5600	opera.exe
2956	opera.exe
416	opera.exe
3776	opera.exe

Loads dropped DLL 64 IoCs

pid	Process
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
4008	irsetup.exe
1704	opera-installer-bro.exe
4820	opera-installer-bro.exe
4588	opera-installer-bro.exe
3036	opera-installer-bro.exe
4052	opera-installer-bro.exe
4548	installer.exe
4520	installer.exe
1448	opera.exe
1448	opera.exe
3816	opera.exe
3816	opera.exe
3816	opera.exe
3816	opera.exe
3816	opera.exe
3816	opera.exe
3816	opera.exe
2732	opera.exe
2768	opera.exe
2768	opera.exe
2732	opera.exe
5132	opera.exe
5132	opera.exe
5200	opera.exe
5200	opera.exe
5132	opera.exe
5132	opera.exe
5132	opera.exe
5132	opera.exe
5132	opera.exe
5216	opera.exe
5216	opera.exe
5300	opera.exe
5300	opera.exe
5376	opera.exe
5376	opera.exe
5440	opera.exe
5480	opera.exe
5440	opera.exe
5480	opera.exe
5528	opera.exe
5528	opera.exe
5568	opera.exe
5568	opera.exe
5632	opera.exe
5632	opera.exe
5712	opera_autoupdate.exe
5712	opera_autoupdate.exe
5884	opera.exe
5884	opera.exe
5908	opera.exe
5908	opera.exe
5976	opera.exe
5976	opera.exe
6084	opera.exe
6084	opera.exe
6112	opera.exe
6112	opera.exe
5284	opera.exe
5284	opera.exe
4836	opera.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

Registers COM server for autorun 1 TTPs 3 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.37\\notification_helper.exe\""	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.37\\notification_helper.exe"	installer.exe

UPX packed file 26 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x0007000000022de4-133.dat	upx
behavioral2/files/0x0007000000022de4-134.dat	upx
behavioral2/memory/1660-137-0x00000000003E0000-0x00000000007C8000-memory.dmp	upx
behavioral2/memory/1660-142-0x00000000003E0000-0x00000000007C8000-memory.dmp	upx
behavioral2/files/0x000200000001e6ca-147.dat	upx
behavioral2/files/0x000200000001e6ca-148.dat	upx
behavioral2/memory/4008-152-0x0000000000C30000-0x0000000001018000-memory.dmp	upx
behavioral2/files/0x0006000000023043-155.dat	upx
behavioral2/files/0x0006000000023043-154.dat	upx
behavioral2/memory/1704-157-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/4008-159-0x0000000000C30000-0x0000000001018000-memory.dmp	upx
behavioral2/files/0x0006000000023043-160.dat	upx
behavioral2/memory/4820-162-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/files/0x0006000000023053-164.dat	upx
behavioral2/files/0x0006000000023053-165.dat	upx
behavioral2/memory/4588-167-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/files/0x0006000000023043-169.dat	upx
behavioral2/memory/3036-173-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/files/0x0006000000023043-175.dat	upx
behavioral2/memory/4052-178-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/1660-184-0x00000000003E0000-0x00000000007C8000-memory.dmp	upx
behavioral2/memory/1704-206-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/3036-276-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/1704-278-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/4052-279-0x0000000000400000-0x0000000000947000-memory.dmp	upx
behavioral2/memory/4820-280-0x0000000000400000-0x0000000000947000-memory.dmp	upx

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\Software\Microsoft\Windows\CurrentVersion\Run	opera.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opera Stable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\launcher.exe"	opera.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	installer.exe

Drops file in Program Files directory 16 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\ntdll.pdb	javaw.exe
File created	C:\Program Files\scoped_dir2768_1439750482\persona.ini	opera.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\symbols\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\ntdll.pdb	javaw.exe
File created	C:\Program Files\scoped_dir2768_1439750482\reborn5.png	opera.exe
File created	C:\Program Files\scoped_dir2768_1273062116\persona.ini	opera.exe
File created	C:\Program Files\scoped_dir2768_1273062116\reborn5_dark.jpg	opera.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\symbols\dll\jvm.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\server\dll\ntdll.pdb	javaw.exe
File opened for modification	C:\Program Files\Java\jre1.8.0_66\bin\ntdll.pdb	javaw.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 5 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	opera.exe

Modifies registry class 44 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.opdownload\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xhtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications\opera.exe\shell	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" \"%1\""	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.shtml	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xht\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xhtml\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec\Topic	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.htm\OpenWithProgids\OperaStable = "0"	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xhtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe,0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\command	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.html\OpenWithProgids\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications\opera.exe\shell\open\command	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\URL Protocol	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\DefaultIcon	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications\opera.exe	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\ddeexec\Topic\	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.pdf\OpenWithProgids\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xht	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.37\\notification_helper.exe"	installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2971393436-602173351-1645505021-1000\{D1020172-DD81-4391-928B-842B39219184}	opera.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\WOW6432Node\CLSID\{E7629152-0A34-4487-B787-5D1144304455}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\95.0.4635.37\\notification_helper.exe\""	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.opdownload\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.shtml\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.shtml\OpenWithProgIDs\OperaStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.xht\OpenWithProgIDs	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\FriendlyTypeName = "Opera Web Document"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\OperaStable\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera\\Launcher.exe\" -noautoupdate -- \"%1\""	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\.opdownload	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-2971393436-602173351-1645505021-1000_Classes\Applications\opera.exe\shell\open	installer.exe

Modifies system certificate store 2 TTPs 10 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe

Suspicious behavior: EnumeratesProcesses 3 IoCs

pid	Process
2768	opera.exe
2768	opera.exe
2768	opera.exe

Suspicious use of AdjustPrivilegeToken 37 IoCs

description	pid	Process
Token: SeManageVolumePrivilege	3660	svchost.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe
Token: SeShutdownPrivilege	2768	opera.exe
Token: SeCreatePagefilePrivilege	2768	opera.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4548	installer.exe

Suspicious use of SendNotifyMessage 10 IoCs

pid	Process
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
1660	irsetup.exe
696	AdditionalExecuteTL.exe
4008	irsetup.exe
4008	irsetup.exe
4008	irsetup.exe
1704	opera-installer-bro.exe
4820	opera-installer-bro.exe
4588	opera-installer-bro.exe
3036	opera-installer-bro.exe
4052	opera-installer-bro.exe
3908	TLauncher.exe
4332	javaw.exe
4528	_sfx.exe
532	assistant_installer.exe
2128	assistant_installer.exe
4332	javaw.exe
4548	installer.exe
4520	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe
4548	installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1660	2072	TLauncher-2.871-Installer-1.0.6.exe	81
PID 2072 wrote to memory of 1660	2072	TLauncher-2.871-Installer-1.0.6.exe	81
PID 2072 wrote to memory of 1660	2072	TLauncher-2.871-Installer-1.0.6.exe	81
PID 1660 wrote to memory of 696	1660	irsetup.exe	93
PID 1660 wrote to memory of 696	1660	irsetup.exe	93
PID 1660 wrote to memory of 696	1660	irsetup.exe	93
PID 696 wrote to memory of 4008	696	AdditionalExecuteTL.exe	94
PID 696 wrote to memory of 4008	696	AdditionalExecuteTL.exe	94
PID 696 wrote to memory of 4008	696	AdditionalExecuteTL.exe	94
PID 4008 wrote to memory of 1704	4008	irsetup.exe	95
PID 4008 wrote to memory of 1704	4008	irsetup.exe	95
PID 4008 wrote to memory of 1704	4008	irsetup.exe	95
PID 1704 wrote to memory of 4820	1704	opera-installer-bro.exe	96
PID 1704 wrote to memory of 4820	1704	opera-installer-bro.exe	96
PID 1704 wrote to memory of 4820	1704	opera-installer-bro.exe	96
PID 1704 wrote to memory of 4588	1704	opera-installer-bro.exe	97
PID 1704 wrote to memory of 4588	1704	opera-installer-bro.exe	97
PID 1704 wrote to memory of 4588	1704	opera-installer-bro.exe	97
PID 1704 wrote to memory of 3036	1704	opera-installer-bro.exe	99
PID 1704 wrote to memory of 3036	1704	opera-installer-bro.exe	99
PID 1704 wrote to memory of 3036	1704	opera-installer-bro.exe	99
PID 3036 wrote to memory of 4052	3036	opera-installer-bro.exe	100
PID 3036 wrote to memory of 4052	3036	opera-installer-bro.exe	100
PID 3036 wrote to memory of 4052	3036	opera-installer-bro.exe	100
PID 1660 wrote to memory of 3908	1660	irsetup.exe	101
PID 1660 wrote to memory of 3908	1660	irsetup.exe	101
PID 1660 wrote to memory of 3908	1660	irsetup.exe	101
PID 3908 wrote to memory of 4332	3908	TLauncher.exe	102
PID 3908 wrote to memory of 4332	3908	TLauncher.exe	102
PID 1704 wrote to memory of 4528	1704	opera-installer-bro.exe	104
PID 1704 wrote to memory of 4528	1704	opera-installer-bro.exe	104
PID 1704 wrote to memory of 4528	1704	opera-installer-bro.exe	104
PID 1704 wrote to memory of 532	1704	opera-installer-bro.exe	106
PID 1704 wrote to memory of 532	1704	opera-installer-bro.exe	106
PID 1704 wrote to memory of 532	1704	opera-installer-bro.exe	106
PID 532 wrote to memory of 2128	532	assistant_installer.exe	107
PID 532 wrote to memory of 2128	532	assistant_installer.exe	107
PID 532 wrote to memory of 2128	532	assistant_installer.exe	107
PID 3036 wrote to memory of 4548	3036	opera-installer-bro.exe	117
PID 3036 wrote to memory of 4548	3036	opera-installer-bro.exe	117
PID 4548 wrote to memory of 4520	4548	installer.exe	118
PID 4548 wrote to memory of 4520	4548	installer.exe	118
PID 4548 wrote to memory of 4332	4548	installer.exe	120
PID 4548 wrote to memory of 4332	4548	installer.exe	120
PID 4332 wrote to memory of 1448	4332	launcher.exe	121
PID 4332 wrote to memory of 1448	4332	launcher.exe	121
PID 1448 wrote to memory of 2760	1448	opera.exe	122
PID 1448 wrote to memory of 2760	1448	opera.exe	122
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123
PID 1448 wrote to memory of 3816	1448	opera.exe	123

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.871-Installer-1.0.6.exe" "__IRCT:3" "__IRTSS:24870711" "__IRSID:S-1-5-21-2971393436-602173351-1645505021-1000"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1660
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:696
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2971393436-602173351-1645505021-1000"
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      Suspicious use of WriteProcessMemory
      PID:4008
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies system certificate store
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6ef8e428,0x6ef8e438,0x6ef8e444
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4820
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4588
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1704 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230214021457" --session-guid=c86b8de9-7d01-414e-88d3-d1198c737091 --server-tracking-blob=YWJiMDQ5NjgwNTg1M2QxMDE5YjIxNDIzYmMwNTRmMDMzNTA1YmQ1N2Y3ZDBjZTQ4Y2NkNjg2NDAwMjg5MzAxYzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzYzMzcyOTYuMDk4MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMzgxZGRkYTMtZTE5Ni00MTE5LTgxMjAtZTI0YWNlNTFlZjdhIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E005000000000000
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:3036
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e46e428,0x6e46e438,0x6e46e444
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4052
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe" --backend --initial-pid=1704 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571" --session-guid=c86b8de9-7d01-414e-88d3-d1198c737091 --server-tracking-blob=YWJiMDQ5NjgwNTg1M2QxMDE5YjIxNDIzYmMwNTRmMDMzNTA1YmQ1N2Y3ZDBjZTQ4Y2NkNjg2NDAwMjg5MzAxYzp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzYzMzcyOTYuMDk4MCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMzgxZGRkYTMtZTE5Ni00MTE5LTgxMjAtZTI0YWNlNTFlZjdhIn0= --silent --desktopshortcut=1 --install-subfolder=95.0.4635.37
        7⤵
        Executes dropped EXE
        Loads dropped DLL
        Registers COM server for autorun
        Enumerates connected drives
        Modifies registry class
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:4548
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x2b8,0x2bc,0x2c0,0x294,0x2c4,0x7fff9538a908,0x7fff9538a918,0x7fff9538a928
        8⤵
        Executes dropped EXE
        Loads dropped DLL
        Suspicious use of SetWindowsHookEx
        
        PID:4520
        
        C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe" --start-maximized
        8⤵
        Executes dropped EXE
        Suspicious use of WriteProcessMemory
        
        PID:4332
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher
        9⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates system info in registry
        Suspicious use of WriteProcessMemory
        
        PID:1448
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x2c4,0x2e8,0x2ec,0x2a4,0x2f0,0x7fff8c273a18,0x7fff8c273a28,0x7fff8c273a38
        10⤵
        Executes dropped EXE
        
        PID:2760
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1888,i,12168366792033187225,15691513431668440404,131072 /prefetch:2
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:3816
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2060 --field-trial-handle=1888,i,12168366792033187225,15691513431668440404,131072 /prefetch:8
        10⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2732
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\_sfx.exe"
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:4528
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe" --version
        6⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        Suspicious use of WriteProcessMemory
        
        PID:532
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0xff2dc0,0xff2dd0,0xff2ddc
        7⤵
        Executes dropped EXE
        Suspicious use of SetWindowsHookEx
        
        PID:2128
- - C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
    "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory
    PID:3908
  - - C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
      "C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
      4⤵
      Drops file in Program Files directory
      Suspicious use of SetWindowsHookEx
      PID:4332

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3660

C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --start-maximized --ran-launcher --flag-switches-begin --flag-switches-end --enable-quic --lowered-browser
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Drops file in Program Files directory
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2768
- C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x2e4,0x2e8,0x2ec,0x2c0,0x2f0,0x7fff8c273a18,0x7fff8c273a28,0x7fff8c273a38
  2⤵
  - Executes dropped EXE
  PID:4116
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1652 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5132
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=1944 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5200
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=2200 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5216
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3112 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5300
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3124 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5376
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3136 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5440
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3148 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5480
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3160 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5528
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3172 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:5568
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --mojo-platform-channel-handle=3368 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5632
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=12 --mojo-platform-channel-handle=3376 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  PID:5712
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --mojo-platform-channel-handle=4504 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5884
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --start-stack-profiler --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --mojo-platform-channel-handle=4528 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5908
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --mojo-platform-channel-handle=4568 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5976
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --mojo-platform-channel-handle=4584 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6084
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4884 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:6112
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=5 --mojo-platform-channel-handle=5332 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5284
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=5684 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:4836
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=6060 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:3940
- C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe" --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
  2⤵
  - Executes dropped EXE
  PID:1820
- - C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
    C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7349ccbd8,0x7ff7349ccbe8,0x7ff7349ccbf8
    3⤵
    - Executes dropped EXE
    PID:4684
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=6396 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4668
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --mojo-platform-channel-handle=6228 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5860
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6924 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:4768
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --mojo-platform-channel-handle=6264 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:1272
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6236 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  PID:4784
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6932 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5616
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6940 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3896
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6852 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5660
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6952 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3504
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6964 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1660
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6904 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5780
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6996 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5380
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6992 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5580
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7012 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5656
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7028 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6016
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7032 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5568
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7040 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:1240
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7148 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5600
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7164 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:2956
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=7124 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:416
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=5328 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:3776
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=5496 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:5920
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --mojo-platform-channel-handle=3788 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:1
  2⤵
  - Checks computer location settings
  PID:5468
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3892 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:5776
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=6876 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:6060
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=4392 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:420
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=8444 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:5680
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=8440 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:3164
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:aliexpress-modal=off --with-feature:automatic-video-popout-expanded=on --with-feature:continue-on-booking=on --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:partner-dropdown-suggestions-boost=on --with-feature:personalized-speeddials=on --with-feature:sd-suggestions-external=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner=on --with-feature:tiktok-panel=off --with-feature:yandex-zen-iframe-scroll=on --with-feature:yandex-zen-leads-for-nonsdusers=off --with-feature:yandex-zen-lift-up=off --with-feature:yandex-zen-news=off --with-feature:yandex-zen-news-next=on --with-feature:yat-emoji-addresses=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=off --with-feature:installer-one-version-one-subfolder=off --mojo-platform-channel-handle=3968 --field-trial-handle=2052,i,8855492045651185126,5342282168683212877,131072 /prefetch:8
  2⤵
  PID:5496

C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --autoupdaterequesttype=automatic --autoupdateoperaversion=95.0.4635.37 --newautoupdaterlogic
1⤵
- Executes dropped EXE
PID:2128
- C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
  2⤵
  PID:5796
- C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe" --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217 --user-data-dir="C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015" --scheduledtask
  2⤵
  PID:5804
- - C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\installer.exe" --version
    3⤵
    PID:3536

C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_autoupdate.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015 /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\Crash Reports" --crash-count-file=C:\Users\Admin\AppData\Local\Temp\.opera\72A8C838D015\crash_count.txt --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.37 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ff7349ccbd8,0x7ff7349ccbe8,0x7ff7349ccbf8
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:5712

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
471B

MD5
0054a1fbd684189c09c29b9433c9852f

SHA1
200fd59a338bc57eff3ad7a28708c188f69cb6a3

SHA256
6928afafe1e2503dc9213143819b89037e2789fc71ab2a3c3ea719e2e6dfa4fb

SHA512
1da7f55415e0973acce3c43eb44e8374fe12d959e3b7a9b546866755ef823811880c34c728498fd1f1959de24e5ba6b245d60f37c685d314870eb53b0694829e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

Filesize
434B

MD5
4b09d9f1aa00e4f55db69bfacab4ed07

SHA1
266deb8b1535c3fbdff0584710e108fcde564065

SHA256
37c04c45e75c16994933524caf1f0bc21c644fab17ac9c65b69d95a2bd9f9a18

SHA512
d3d45f0f5a5ed8638bc2918279531b1ff48cd3cb5ae825159511943cf8f626407a892ddcda1579e2ad33c43944f1bba56110b464283305b24a07c51c2f9aaafd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\d3dcompiler_47.dll

Filesize
4.7MB

MD5
e9f521f7e935681d7cdc2e4d3ab7f6fc

SHA1
778c2ff4be58d2b4cfca9ac7fe4f2e66f4678fce

SHA256
e8a2f2b46db2524194d987153c65b5f08b84e877e2f8283056f12604abcfb6eb

SHA512
382cc5cdd644d7ef7295344f82c46a88d85e695fdd8dc53a9ccc592c9eaf069a05ba95649ca698767e9d2470787ed7db8448acffb03cb71125b4adc7fd865210

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe

Filesize
6.2MB

MD5
47aae2b0e982e612cd33f38e019cc09f

SHA1
b5f02e2a9542401ee173ebb031b339cd7777f525

SHA256
2fe3ae2fc849195d5cdbc9644a762120a6fca55e6a16588895d013a50c28b06d

SHA512
f448fbadd906c896ce3bc301cb3ad989905c2235dd496891e645e3b2c4bb16b15e6ad9a1f11f2d3772077c7ffe5db4c06e695261d805a7c2eaa0ae7991a9beab

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\installer.exe

Filesize
6.2MB

MD5
47aae2b0e982e612cd33f38e019cc09f

SHA1
b5f02e2a9542401ee173ebb031b339cd7777f525

SHA256
2fe3ae2fc849195d5cdbc9644a762120a6fca55e6a16588895d013a50c28b06d

SHA512
f448fbadd906c896ce3bc301cb3ad989905c2235dd496891e645e3b2c4bb16b15e6ad9a1f11f2d3772077c7ffe5db4c06e695261d805a7c2eaa0ae7991a9beab

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_browser.dll

Filesize
187.3MB

MD5
f483f61129807e315c1bc5a990dd2c7d

SHA1
2e2735945aee8de5e71145d162eaad4902a088a5

SHA256
59547c6c3a6bd99c28d6d25b57bcab565c6590af0f34a38b06c952f8c71b4e57

SHA512
3f6a73a30c3a6e804eae4cc97ffc358169f6e74d811dd4e1f228c3d44fd170a6f7a78d4f03ccf998379955fd64ca23d2a1410f72e2a51e8be4d6832498fd78d3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_browser.dll

Filesize
187.3MB

MD5
f483f61129807e315c1bc5a990dd2c7d

SHA1
2e2735945aee8de5e71145d162eaad4902a088a5

SHA256
59547c6c3a6bd99c28d6d25b57bcab565c6590af0f34a38b06c952f8c71b4e57

SHA512
3f6a73a30c3a6e804eae4cc97ffc358169f6e74d811dd4e1f228c3d44fd170a6f7a78d4f03ccf998379955fd64ca23d2a1410f72e2a51e8be4d6832498fd78d3

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_crashreporter.exe

Filesize
2.3MB

MD5
22f5d0316bf1576d8173126cfbc87d9c

SHA1
5e008401ae0b457dc9610d4a64c8a73b261c53f4

SHA256
949051b4748ca331fa248cb3a59dafaa18cddc78059f2bdf91665f8abab839c8

SHA512
772e60d7653d88d841e7257a65d33a3581aa34fd6c6f7ea80c94c931d38de2c06caa0dfa0b1f810b3006f599d93f11afee18555df4e0cff1b41569efa04fade6

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_elf.dll

Filesize
1.1MB

MD5
f402e846315abe0e34d103657811710e

SHA1
39093098d65cfa7b1f30ac6525e952abbef7b4ff

SHA256
93ba1735132f58c5de52d3b5ca82a784dda19b9beeaceb1b6d1a6c9b32236c91

SHA512
0441f0b65076f6813537ddb09a013bf562a6e15ab9b4eea35015d3276f28917de26c82ee1f14c8a66511a32473a592109e814fc5ed1634fad85f1e9aef30959d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\95.0.4635.37\opera_elf.dll

Filesize
1.1MB

MD5
f402e846315abe0e34d103657811710e

SHA1
39093098d65cfa7b1f30ac6525e952abbef7b4ff

SHA256
93ba1735132f58c5de52d3b5ca82a784dda19b9beeaceb1b6d1a6c9b32236c91

SHA512
0441f0b65076f6813537ddb09a013bf562a6e15ab9b4eea35015d3276f28917de26c82ee1f14c8a66511a32473a592109e814fc5ed1634fad85f1e9aef30959d

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\installation_status.json

Filesize
11KB

MD5
943b595aafb9821a336054ab68c2f2c6

SHA1
7b8a4844d090baa17954991b9c8acf2f711a99f4

SHA256
995f66a6c12c339563480a7ca38744521bba87e818e2c5f3edd117cf73e9648e

SHA512
4bb1cfa857de1b12fcfcca752142696cc0ab2857711c62086350a49e360239d0544469101d746f2d5dc3a08b2e5875fa933e612b3afa8b297ef6b1978f3c82dd

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\installer_prefs.json

Filesize
1KB

MD5
0a75a54ff725bc528e7d9cab83dde234

SHA1
bc42791ee9c0d5072afa90731d6af5afb74cbd95

SHA256
9cc4b96654fa37ddcfff54632d61b641c7187703651740826a2b965acc8f8b2d

SHA512
d3eba807db8f1e23595c7d18234f0995844cc77f45b50ca73032c5cc081f323745879e83225f611fef52c7619cfd2f2f19f19a9d9a594ba680aea7d1633f646e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe

Filesize
2.5MB

MD5
ed5880e48c8a9ee70c4296fd953cb304

SHA1
f0fe1f7a887eaa04a85c1ef9666cc2ee31ba07fc

SHA256
29c6ac2817ce8009cd5be33fe85e0045257abfe48273b4160f344c51bf19c1d1

SHA512
4f786f905966f23cb1be5609b07602c839a4fc814f3049b6e5218f2b5a1d0252f5e3bac4596d373897e59b5ef57e664b69172f4cfb059e33fd03853b3ff01649

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\launcher.exe

Filesize
2.5MB

MD5
ed5880e48c8a9ee70c4296fd953cb304

SHA1
f0fe1f7a887eaa04a85c1ef9666cc2ee31ba07fc

SHA256
29c6ac2817ce8009cd5be33fe85e0045257abfe48273b4160f344c51bf19c1d1

SHA512
4f786f905966f23cb1be5609b07602c839a4fc814f3049b6e5218f2b5a1d0252f5e3bac4596d373897e59b5ef57e664b69172f4cfb059e33fd03853b3ff01649

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
6d3f3b4c69c6520214f55b3bd2d850bf

SHA1
546c0c0c890c222eb243de31a1b1382d10df65d2

SHA256
8a205285dbf992edcc874507964c237aa20c633b62850d4ea79229ebcda901dc

SHA512
599c9d115277a59a094700bfe1ba1f745e76873af06d2cfdffdf7e1834f0d15f7a94534933a172636b46c4a75d0372b25459414135c7ba9534d9ea8f94ad7b65

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
6d3f3b4c69c6520214f55b3bd2d850bf

SHA1
546c0c0c890c222eb243de31a1b1382d10df65d2

SHA256
8a205285dbf992edcc874507964c237aa20c633b62850d4ea79229ebcda901dc

SHA512
599c9d115277a59a094700bfe1ba1f745e76873af06d2cfdffdf7e1834f0d15f7a94534933a172636b46c4a75d0372b25459414135c7ba9534d9ea8f94ad7b65

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
6d3f3b4c69c6520214f55b3bd2d850bf

SHA1
546c0c0c890c222eb243de31a1b1382d10df65d2

SHA256
8a205285dbf992edcc874507964c237aa20c633b62850d4ea79229ebcda901dc

SHA512
599c9d115277a59a094700bfe1ba1f745e76873af06d2cfdffdf7e1834f0d15f7a94534933a172636b46c4a75d0372b25459414135c7ba9534d9ea8f94ad7b65

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe

Filesize
1.5MB

MD5
6d3f3b4c69c6520214f55b3bd2d850bf

SHA1
546c0c0c890c222eb243de31a1b1382d10df65d2

SHA256
8a205285dbf992edcc874507964c237aa20c633b62850d4ea79229ebcda901dc

SHA512
599c9d115277a59a094700bfe1ba1f745e76873af06d2cfdffdf7e1834f0d15f7a94534933a172636b46c4a75d0372b25459414135c7ba9534d9ea8f94ad7b65

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\pref_default_overrides

Filesize
57B

MD5
f488c9f9d9d5e631484d4bf155f45442

SHA1
0f0e624770e47bea5186748a9de85c677dd84fa7

SHA256
e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

SHA512
d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\_sfx.exe

Filesize
1.7MB

MD5
0238df215bf6943892daf85de8ad433a

SHA1
3d905e4e2c0e9170df61b7a199321847691f945e

SHA256
a7818aca6acbe347df13d51d9750f6a852c5aa2a58580f7f2015113e0a3e06d7

SHA512
fc6c12e359b9a4ce84ef878f29648a4c97c38fd12ed80996c5e03829833220010fff9c751a99f399dad3529bda6438424194ed18236addfbe430343807aaad69

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\assistant\assistant_installer.exe

Filesize
2.1MB

MD5
9df6e2fbb7e38964f35016bf91ef7424

SHA1
d0c1266dc46814bc6165cf6a69e90581228989a7

SHA256
3573825f31875d403832de8e06aabc2adbdf0c5279d80ea62dfcb1f159f06c1d

SHA512
b14c2224ae10c80429205a39791745b1627c1a487176c06aa105d0689e77fb0b86427e1a7d5aef5d06460070b3df4ebea41db67d54e221ea25979b3bb5318d3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\installer_prefs_include.json

Filesize
1KB

MD5
b01e29a62989aff5de4b64629ae0e744

SHA1
fc2f54dba93d3685a3a683f0d5dff54762faef23

SHA256
7c3eb3e4f29302a1458671d28bb586cec139db10fdcd92c0c978a2c24cf41f19

SHA512
60017d201010da0ad6fa0fce7b509f20f668be7c4646e1eaab0506315345d4c83fe34df41843b92aa93967ffe190e69b847fecd56d9b12d4170af2d16d07137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\installer_prefs_include.json.backup

Filesize
1KB

MD5
b01e29a62989aff5de4b64629ae0e744

SHA1
fc2f54dba93d3685a3a683f0d5dff54762faef23

SHA256
7c3eb3e4f29302a1458671d28bb586cec139db10fdcd92c0c978a2c24cf41f19

SHA512
60017d201010da0ad6fa0fce7b509f20f668be7c4646e1eaab0506315345d4c83fe34df41843b92aa93967ffe190e69b847fecd56d9b12d4170af2d16d07137b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\opera_package

Filesize
86.8MB

MD5
d952728a4ce9fa6fd1df1e71f2cdad79

SHA1
62a0cdac813c83cea2f5a406a6940982f33d839a

SHA256
f115d42f06f27045cf1cf04bbfa4591789547ddb3614be6c912fa75bd4eb4cb6

SHA512
8720da841a9d31832b943fb56271e3efcb05520d0d5506a5ce823d8d5e909ebafd796d3d2b8afd82e2479329b84ee1813de5380598a7271ca9d5b64a2d3b4534

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302140214571\pref_default_overrides

Filesize
57B

MD5
f488c9f9d9d5e631484d4bf155f45442

SHA1
0f0e624770e47bea5186748a9de85c677dd84fa7

SHA256
e6f214ff5ccbbe6e7abcf309138cdcb46d3fe3915e9bbbe8dd3c15afb439f708

SHA512
d72d1daa86e650a0589f6991f7a7bb3b7ca3484d49bc0d0d703b28b8f399f3123df2bf3c949a899fab55bde7d888736f655e462e2cd02ade59bbf9e67df54064

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140214556051704.dll

Filesize
4.6MB

MD5
5ff9275c5cee292fff9034f03bd847e1

SHA1
37bf88e062278882492823c7039b7cf374756ae0

SHA256
2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

SHA512
f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140214566054820.dll

Filesize
4.6MB

MD5
5ff9275c5cee292fff9034f03bd847e1

SHA1
37bf88e062278882492823c7039b7cf374756ae0

SHA256
2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

SHA512
f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140214571374588.dll

Filesize
4.6MB

MD5
5ff9275c5cee292fff9034f03bd847e1

SHA1
37bf88e062278882492823c7039b7cf374756ae0

SHA256
2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

SHA512
f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140214588553036.dll

Filesize
4.6MB

MD5
5ff9275c5cee292fff9034f03bd847e1

SHA1
37bf88e062278882492823c7039b7cf374756ae0

SHA256
2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

SHA512
f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140214599024052.dll

Filesize
4.6MB

MD5
5ff9275c5cee292fff9034f03bd847e1

SHA1
37bf88e062278882492823c7039b7cf374756ae0

SHA256
2309501e723a011f4bf2b505e178cbb97af4d798a8720d344f2730c4d756ee08

SHA512
f58e5981e25cd6cdd5edb9d9974f137615dee7516d221bf0df08a7425ec68361f29d7b5ca1b835c476fcbcee0df4a028bfa5308867fb3976aaba67cbf8b8dd02

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140215406994548.dll

Filesize
5.5MB

MD5
7ee1a05f717605b8bb0a2282035be402

SHA1
9885b516e5853e69ad4dd61e932f445d0a5dd76d

SHA256
9abfb792127651d3f1ba83239485574fa597db9362935dc3b62a2667bff22787

SHA512
900616610198fe86cb0992e20305dce9cd46d5acff9bb89b8541da4f83f39d8831ae963c50f489d53d9640431b90b00463adef00ff14dbdcd2f5cc9f8ddeeb24

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302140215418084520.dll

Filesize
5.5MB

MD5
7ee1a05f717605b8bb0a2282035be402

SHA1
9885b516e5853e69ad4dd61e932f445d0a5dd76d

SHA256
9abfb792127651d3f1ba83239485574fa597db9362935dc3b62a2667bff22787

SHA512
900616610198fe86cb0992e20305dce9cd46d5acff9bb89b8541da4f83f39d8831ae963c50f489d53d9640431b90b00463adef00ff14dbdcd2f5cc9f8ddeeb24

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
ec4efe0ebb80b619737bd26180cc76cc

SHA1
7fd72c0eb6bee289e4b2714cf1fb8c197754811b

SHA256
b1501df2280c557ad1535a504bd43c25611c168fd543008b7949c03b29e70547

SHA512
384ae150773cf07322c614459db9db98e1995f6b185579c7b56763ed0352e043f51d0e840f94ac3e832a1378452f090b68ee281c437b16da3762974723e64e1a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
3b2ee2607396e9735f868d775134ba60

SHA1
f974b262a200557f4b12e9fd7bb290e585c6ffd6

SHA256
554d76766c86161530f286ad1bb26f374bf785587f6a233b6a8d238b40c27155

SHA512
73485acd4ddaa25efd55c7e237da92916eaab6e3935dc2a9ce8f87a0c76da2c54d93a6ea8939ac81c5bba9bc04d1b1994676c076d639954f3aae51cd7cb2a2db

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
647B

MD5
3a3ab03676fbd1f9f206e653f316b6ec

SHA1
9107a34cd71a0f0844a9a170c052c51eb9652e54

SHA256
7cc030045f79d04797467ccf40958389268eaf191792bd8d22353beddee8e1f3

SHA512
e2d9765a25c9e4b38249930ccff7761b207e68ee3d94a9560ef08fecb35b3696259bebac5077f8ca1eb7949b7e4acf009c4a9868959afa4206d23bd7909bc580

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

Filesize
5.2MB

MD5
58e22c0ee91280156cdaadacac7acddb

SHA1
189c552c94a9b0ae0208763bca77f2801debc224

SHA256
765cab48564743844b057e21eab768d5d84194a635b09d02d9d2909f632f5714

SHA512
9f510c896d641919b037e201f5ba9de476241e7cab1004d92a85df4b9240ff947737619921b1223cd926c8c5a6e667dc76cad37e818d2a9d144b826836d562c6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Opera Browser.lnk

Filesize
1KB

MD5
33b891bad078d1796a3ceb1875e10fde

SHA1
af175095d201b0263c5115ab8db6e68f5e4af3fa

SHA256
5bd903509791be21929e5d7ee1ac8c12750376779b1b003060715dc6d0b65473

SHA512
21ef200d7010ef74f4db45e389b6066ed9939aaa49662e633e5b4053fa5f2ee001daec28c94c34f7956652614a97a9c45b2ee2f33da89eaa53370727a910c171

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f4f8a2e3c52f1ec17ccc91bd27d7ffe3

SHA1
cd2dd1c034d30e3fc1f023e465082abded899658

SHA256
e39cc6c46027281b3c4c019ae2cfc2335875904d39e0405d3b4a605a5e1cd775

SHA512
da3b5e870a95d4a94828ef8161d19500670f95bf7654b89551246e90e6133322e88e3a039db3e1ccb1b5eaae99759236adaf96f872d78d6d9f093f555ed2bf11

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f4f8a2e3c52f1ec17ccc91bd27d7ffe3

SHA1
cd2dd1c034d30e3fc1f023e465082abded899658

SHA256
e39cc6c46027281b3c4c019ae2cfc2335875904d39e0405d3b4a605a5e1cd775

SHA512
da3b5e870a95d4a94828ef8161d19500670f95bf7654b89551246e90e6133322e88e3a039db3e1ccb1b5eaae99759236adaf96f872d78d6d9f093f555ed2bf11

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f4f8a2e3c52f1ec17ccc91bd27d7ffe3

SHA1
cd2dd1c034d30e3fc1f023e465082abded899658

SHA256
e39cc6c46027281b3c4c019ae2cfc2335875904d39e0405d3b4a605a5e1cd775

SHA512
da3b5e870a95d4a94828ef8161d19500670f95bf7654b89551246e90e6133322e88e3a039db3e1ccb1b5eaae99759236adaf96f872d78d6d9f093f555ed2bf11

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f4f8a2e3c52f1ec17ccc91bd27d7ffe3

SHA1
cd2dd1c034d30e3fc1f023e465082abded899658

SHA256
e39cc6c46027281b3c4c019ae2cfc2335875904d39e0405d3b4a605a5e1cd775

SHA512
da3b5e870a95d4a94828ef8161d19500670f95bf7654b89551246e90e6133322e88e3a039db3e1ccb1b5eaae99759236adaf96f872d78d6d9f093f555ed2bf11

Download Submit
memory/1660-141-0x0000000006370000-0x0000000006373000-memory.dmp

Filesize
12KB

Download
memory/1660-140-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1660-142-0x00000000003E0000-0x00000000007C8000-memory.dmp

Filesize
3.9MB

Download
memory/1660-137-0x00000000003E0000-0x00000000007C8000-memory.dmp

Filesize
3.9MB

Download
memory/1660-184-0x00000000003E0000-0x00000000007C8000-memory.dmp

Filesize
3.9MB

Download
memory/1660-183-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1704-278-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/1704-206-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/1704-157-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/3036-276-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/3036-173-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/3660-217-0x000001D99DB40000-0x000001D99DB50000-memory.dmp

Filesize
64KB

Download
memory/3660-216-0x000001D99DA40000-0x000001D99DA50000-memory.dmp

Filesize
64KB

Download
memory/4008-152-0x0000000000C30000-0x0000000001018000-memory.dmp

Filesize
3.9MB

Download
memory/4008-159-0x0000000000C30000-0x0000000001018000-memory.dmp

Filesize
3.9MB

Download
memory/4052-178-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4052-279-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4332-189-0x0000000002CA0000-0x0000000003CA0000-memory.dmp

Filesize
16.0MB

Download
memory/4332-218-0x0000000002CA0000-0x0000000003CA0000-memory.dmp

Filesize
16.0MB

Download
memory/4332-215-0x0000000002CA0000-0x0000000003CA0000-memory.dmp

Filesize
16.0MB

Download
memory/4588-167-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4820-280-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download
memory/4820-162-0x0000000000400000-0x0000000000947000-memory.dmp

Filesize
5.3MB

Download