Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

10

Analysis

  • max time kernel
    79s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240226-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29-03-2024 10:09

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    5c5c55ed366652aafee3e02431937ac850873d9a4efb8aaf4f0497e2289b1d64.exe

  • Size

    1.8MB

  • MD5

    b2e05d2e690a891bc23fad747703033f

  • SHA1

    b121788896290d34bea15b3b60793434948d6636

  • SHA256

    5c5c55ed366652aafee3e02431937ac850873d9a4efb8aaf4f0497e2289b1d64

  • SHA512

    ab0a7da0e651fe30fce358dd73803b6ac07e04864e979ce8831b03a523386efc0420491d1b429e295e1695dcf983ed2ef425385c125938ab8e57982fc2ef1a44

  • SSDEEP

    49152:xAfn0UqxNzHcSQfMVLPPBq+49Yf2WQDPZ/Cq:C0UqxNz8SJVjJ/GW2/Cq

Score
10/10
amadeygluptebaredlinerhadamanthysriseprostealczgratlivetrafficdiscoverydropperevasioninfostealerloaderpersistenceratspywarestealertrojan

Malware Config

Extracted

Family

amadey

Version

4.18

C2

http://193.233.132.56

Attributes
  • install_dir

    09fd851a4f

  • install_file

    explorha.exe

  • strings_key

    443351145ece4966ded809641c77cfa8

  • url_paths

    /Pneh2sXQk0/index.php

rc4.plain

Extracted

Family

amadey

Version

4.17

C2

http://185.215.113.32

Attributes
  • install_dir

    00c07260dc

  • install_file

    explorgu.exe

  • strings_key

    461809bd97c251ba0c0c8450c7055f1d

  • url_paths

    /yandex/index.php

rc4.plain

Extracted

Family

redline

Botnet

LiveTraffic

C2

4.185.137.132:1632

Extracted

Family

stealc

C2

http://185.172.128.209

Attributes
  • url_path

    /3cd2b41cbde8fc9c.php

Signatures

  • Amadey

    Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.

    trojanamadey
  • Detect ZGRat V1 3 IoCs
  • Glupteba

    Glupteba is a modular loader written in Golang with various components.

    loaderdropperglupteba
  • Glupteba payload 6 IoCs
  • RedLine

    RedLine Stealer is a malware family written in C#, first appearing in early 2020.

    infostealerredline
  • RedLine payload 5 IoCs
  • Rhadamanthys

    Rhadamanthys is an info stealer written in C++ first seen in August 2022.

    stealerrhadamanthys
  • RisePro

    RisePro stealer is an infostealer distributed by PrivateLoader.

    stealerrisepro
  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc
  • Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
  • ZGRat

    ZGRat is remote access trojan written in C#.

    ratzgrat
  • Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 8 IoCs
    evasion
  • Blocklisted process makes network request 4 IoCs
  • Downloads MZ/PE file
  • Modifies Windows Firewall 2 TTPs 3 IoCs
    evasion
  • Checks BIOS information in registry 2 TTPs 16 IoCs

    BIOS information is often read in order to detect sandboxing environments.

  • Checks computer location settings 2 TTPs 10 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 37 IoCs
  • Identifies Wine through registry keys 2 TTPs 8 IoCs

    Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

    evasion
  • Loads dropped DLL 19 IoCs
  • Reads WinSCP keys stored on the system 2 TTPs

    Tries to access WinSCP stored sessions.

    spywarestealer
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

    spywarestealer
  • Reads local data of messenger clients 2 TTPs

    Infostealers often target stored data of messaging applications, which can include saved credentials and account information.

    spywarestealer
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
    spyware
  • Adds Run key to start application 2 TTPs 4 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Enumerates connected drives 3 TTPs 6 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • AutoIT Executable 1 IoCs

    AutoIT scripts compiled to PE executables.

  • Drops file in System32 directory 6 IoCs
  • Suspicious use of NtSetInformationThreadHideFromDebugger 6 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Checks for VirtualBox DLLs, possible anti-VM trick 1 TTPs 3 IoCs

    Certain files are specific to VirtualBox VMs and can be used to detect execution in a VM.

  • Drops file in Windows directory 2 IoCs
  • Launches sc.exe 1 IoCs

    Sc.exe is a Windows utlilty to control services on the system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 5 IoCs
  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Creates scheduled task(s) 1 TTPs 3 IoCs

    Schtasks is often used by malware for persistence or to perform post-infection execution.

    persistence
  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 64 IoCs
  • Modifies registry class 43 IoCs
  • Modifies system certificate store 2 TTPs 5 IoCs
    evasionspywaretrojan
  • Runs ping.exe 1 TTPs 1 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 38 IoCs
  • Suspicious use of FindShellTrayWindow 37 IoCs
  • Suspicious use of SendNotifyMessage 36 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\sihost.exe
    sihost.exe
    1⤵
      PID:2948
      • C:\Windows\SysWOW64\dialer.exe
        "C:\Windows\system32\dialer.exe"
        2⤵
          PID:7148
      • C:\Users\Admin\AppData\Local\Temp\5c5c55ed366652aafee3e02431937ac850873d9a4efb8aaf4f0497e2289b1d64.exe
        "C:\Users\Admin\AppData\Local\Temp\5c5c55ed366652aafee3e02431937ac850873d9a4efb8aaf4f0497e2289b1d64.exe"
        1⤵
        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
        • Checks BIOS information in registry
        • Checks computer location settings
        • Identifies Wine through registry keys
        • Suspicious use of NtSetInformationThreadHideFromDebugger
        • Drops file in Windows directory
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of WriteProcessMemory
        PID:4200
        • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
          "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
          2⤵
          • Identifies VirtualBox via ACPI registry values (likely anti-VM)
          • Checks BIOS information in registry
          • Checks computer location settings
          • Executes dropped EXE
          • Identifies Wine through registry keys
          • Adds Run key to start application
          • Suspicious use of NtSetInformationThreadHideFromDebugger
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of WriteProcessMemory
          PID:4864
          • C:\Users\Admin\AppData\Local\Temp\1000042001\faf76924b5.exe
            "C:\Users\Admin\AppData\Local\Temp\1000042001\faf76924b5.exe"
            3⤵
            • Identifies VirtualBox via ACPI registry values (likely anti-VM)
            • Checks BIOS information in registry
            • Executes dropped EXE
            • Identifies Wine through registry keys
            PID:3528
          • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
            "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
            3⤵
              PID:5224
            • C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe
              "C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe"
              3⤵
              • Executes dropped EXE
              • Suspicious use of FindShellTrayWindow
              • Suspicious use of SendNotifyMessage
              • Suspicious use of WriteProcessMemory
              PID:4344
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/account
                4⤵
                • Enumerates system info in registry
                • Suspicious behavior: EnumeratesProcesses
                • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                • Suspicious use of FindShellTrayWindow
                • Suspicious use of SendNotifyMessage
                • Suspicious use of WriteProcessMemory
                PID:4456
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfa2446f8,0x7ffdfa244708,0x7ffdfa244718
                  5⤵
                    PID:1376
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
                    5⤵
                      PID:696
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
                      5⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1108
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
                      5⤵
                        PID:5644
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
                        5⤵
                          PID:5752
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
                          5⤵
                            PID:4284
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3880 /prefetch:1
                            5⤵
                              PID:3696
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
                              5⤵
                                PID:4916
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
                                5⤵
                                  PID:4508
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
                                  5⤵
                                    PID:2144
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                                    5⤵
                                      PID:1468
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
                                      5⤵
                                      • Suspicious behavior: EnumeratesProcesses
                                      PID:3772
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
                                      5⤵
                                        PID:3456
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
                                        5⤵
                                          PID:3552
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6212 /prefetch:1
                                          5⤵
                                            PID:3220
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,9201375211963683934,3454030216111822969,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
                                            5⤵
                                              PID:2356
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.facebook.com/video
                                            4⤵
                                            • Suspicious use of WriteProcessMemory
                                            PID:2708
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffdfa2446f8,0x7ffdfa244708,0x7ffdfa244718
                                              5⤵
                                                PID:3920
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1968,11658374259504951383,18422506498513087319,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1840 /prefetch:2
                                                5⤵
                                                  PID:5520
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1968,11658374259504951383,18422506498513087319,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
                                                  5⤵
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:5440
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://accounts.google.com/
                                                4⤵
                                                • Suspicious use of WriteProcessMemory
                                                PID:544
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdfa2446f8,0x7ffdfa244708,0x7ffdfa244718
                                                  5⤵
                                                    PID:3780
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1852,11115864483380413260,7662294277604320940,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 /prefetch:3
                                                    5⤵
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1096
                                              • C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe
                                                "C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe"
                                                3⤵
                                                • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                • Checks BIOS information in registry
                                                • Executes dropped EXE
                                                • Identifies Wine through registry keys
                                                • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                • Drops file in Windows directory
                                                • Suspicious behavior: EnumeratesProcesses
                                                PID:5924
                                              • C:\Windows\SysWOW64\rundll32.exe
                                                "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                                3⤵
                                                • Loads dropped DLL
                                                PID:4908
                                                • C:\Windows\system32\rundll32.exe
                                                  "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
                                                  4⤵
                                                  • Blocklisted process makes network request
                                                  • Loads dropped DLL
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1336
                                                  • C:\Windows\system32\netsh.exe
                                                    netsh wlan show profiles
                                                    5⤵
                                                      PID:5900
                                                    • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                      powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\999976163400_Desktop.zip' -CompressionLevel Optimal
                                                      5⤵
                                                      • Suspicious behavior: EnumeratesProcesses
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:4020
                                                • C:\Windows\SysWOW64\rundll32.exe
                                                  "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
                                                  3⤵
                                                  • Blocklisted process makes network request
                                                  • Loads dropped DLL
                                                  PID:5104
                                            • C:\Windows\System32\CompPkgSrv.exe
                                              C:\Windows\System32\CompPkgSrv.exe -Embedding
                                              1⤵
                                                PID:4992
                                              • C:\Windows\System32\CompPkgSrv.exe
                                                C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                1⤵
                                                  PID:2848
                                                • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                  C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                  1⤵
                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                  • Checks BIOS information in registry
                                                  • Executes dropped EXE
                                                  • Identifies Wine through registry keys
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:4300
                                                • C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                  C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
                                                  1⤵
                                                  • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                  • Checks BIOS information in registry
                                                  • Checks computer location settings
                                                  • Executes dropped EXE
                                                  • Identifies Wine through registry keys
                                                  • Adds Run key to start application
                                                  • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:3404
                                                  • C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe"
                                                    2⤵
                                                    • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                    • Checks BIOS information in registry
                                                    • Executes dropped EXE
                                                    • Identifies Wine through registry keys
                                                    PID:4648
                                                  • C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe
                                                    "C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe"
                                                    2⤵
                                                    • Executes dropped EXE
                                                    • Suspicious use of SetThreadContext
                                                    PID:3552
                                                    • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                      3⤵
                                                      • Checks computer location settings
                                                      • Suspicious use of AdjustPrivilegeToken
                                                      PID:1860
                                                      • C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe
                                                        "C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe"
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Modifies system certificate store
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:4992
                                                      • C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe
                                                        "C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe"
                                                        4⤵
                                                        • Executes dropped EXE
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:4688
                                                      • C:\Windows\SysWOW64\cmd.exe
                                                        "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
                                                        4⤵
                                                          PID:5804
                                                          • C:\Windows\SysWOW64\choice.exe
                                                            choice /C Y /N /D Y /T 3
                                                            5⤵
                                                              PID:1408
                                                      • C:\Users\Admin\AppData\Local\Temp\1001031001\amadka.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\1001031001\amadka.exe"
                                                        2⤵
                                                        • Identifies VirtualBox via ACPI registry values (likely anti-VM)
                                                        • Checks BIOS information in registry
                                                        • Executes dropped EXE
                                                        • Identifies Wine through registry keys
                                                        • Suspicious use of NtSetInformationThreadHideFromDebugger
                                                        • Suspicious behavior: EnumeratesProcesses
                                                        PID:464
                                                      • C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:2632
                                                      • C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe
                                                        "C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe"
                                                        2⤵
                                                        • Executes dropped EXE
                                                        • Suspicious use of AdjustPrivilegeToken
                                                        PID:6076
                                                      • C:\Windows\SysWOW64\rundll32.exe
                                                        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                                        2⤵
                                                        • Loads dropped DLL
                                                        PID:5308
                                                        • C:\Windows\system32\rundll32.exe
                                                          "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
                                                          3⤵
                                                          • Blocklisted process makes network request
                                                          • Loads dropped DLL
                                                          • Suspicious behavior: EnumeratesProcesses
                                                          PID:1940
                                                          • C:\Windows\system32\netsh.exe
                                                            netsh wlan show profiles
                                                            4⤵
                                                              PID:3224
                                                            • C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
                                                              powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\999976163400_Desktop.zip' -CompressionLevel Optimal
                                                              4⤵
                                                              • Suspicious use of AdjustPrivilegeToken
                                                              PID:208
                                                        • C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe"
                                                          2⤵
                                                          • Checks computer location settings
                                                          • Executes dropped EXE
                                                          PID:5516
                                                          • C:\Windows\SysWOW64\schtasks.exe
                                                            "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe" /F
                                                            3⤵
                                                            • Creates scheduled task(s)
                                                            PID:5840
                                                        • C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetThreadContext
                                                          PID:3464
                                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                            3⤵
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:2924
                                                        • C:\Users\Admin\AppData\Local\Temp\1001055001\file300un.exe
                                                          "C:\Users\Admin\AppData\Local\Temp\1001055001\file300un.exe"
                                                          2⤵
                                                          • Executes dropped EXE
                                                          • Suspicious use of SetThreadContext
                                                          PID:3532
                                                          • C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
                                                            "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                                                            3⤵
                                                            • Checks computer location settings
                                                            • Suspicious use of AdjustPrivilegeToken
                                                            PID:5364
                                                            • C:\Users\Admin\Pictures\5qnmaPTLQPHEFQCLQarcFDZK.exe
                                                              "C:\Users\Admin\Pictures\5qnmaPTLQPHEFQCLQarcFDZK.exe"
                                                              4⤵
                                                              • Checks computer location settings
                                                              • Executes dropped EXE
                                                              PID:6052
                                                              • C:\Users\Admin\AppData\Local\Temp\u4o4.0.exe
                                                                "C:\Users\Admin\AppData\Local\Temp\u4o4.0.exe"
                                                                5⤵
                                                                • Checks computer location settings
                                                                • Executes dropped EXE
                                                                • Loads dropped DLL
                                                                • Checks processor information in registry
                                                                PID:3036
                                                                • C:\Windows\SysWOW64\cmd.exe
                                                                  "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\BKFHCGIDBA.exe"
                                                                  6⤵
                                                                    PID:5624
                                                                    • C:\Users\Admin\AppData\Local\Temp\BKFHCGIDBA.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\BKFHCGIDBA.exe"
                                                                      7⤵
                                                                      • Checks computer location settings
                                                                      • Executes dropped EXE
                                                                      PID:4928
                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                        "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\AppData\Local\Temp\BKFHCGIDBA.exe
                                                                        8⤵
                                                                          PID:5704
                                                                          • C:\Windows\SysWOW64\PING.EXE
                                                                            ping 2.2.2.2 -n 1 -w 3000
                                                                            9⤵
                                                                            • Runs ping.exe
                                                                            PID:6560
                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 3036 -s 3348
                                                                      6⤵
                                                                      • Program crash
                                                                      PID:3684
                                                                  • C:\Users\Admin\AppData\Local\Temp\u4o4.1.exe
                                                                    "C:\Users\Admin\AppData\Local\Temp\u4o4.1.exe"
                                                                    5⤵
                                                                    • Checks computer location settings
                                                                    • Executes dropped EXE
                                                                    • Checks SCSI registry key(s)
                                                                    • Suspicious use of FindShellTrayWindow
                                                                    • Suspicious use of SendNotifyMessage
                                                                    PID:6548
                                                                    • C:\Users\Admin\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
                                                                      "C:\Users\Admin\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
                                                                      6⤵
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:2800
                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 6052 -s 1448
                                                                    5⤵
                                                                    • Program crash
                                                                    PID:6684
                                                                • C:\Users\Admin\Pictures\B7fKSiGZCoN1839einCu52kc.exe
                                                                  "C:\Users\Admin\Pictures\B7fKSiGZCoN1839einCu52kc.exe"
                                                                  4⤵
                                                                  • Executes dropped EXE
                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                  PID:2932
                                                                  • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                    powershell -nologo -noprofile
                                                                    5⤵
                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                    PID:3904
                                                                  • C:\Users\Admin\Pictures\B7fKSiGZCoN1839einCu52kc.exe
                                                                    "C:\Users\Admin\Pictures\B7fKSiGZCoN1839einCu52kc.exe"
                                                                    5⤵
                                                                    • Executes dropped EXE
                                                                    • Checks for VirtualBox DLLs, possible anti-VM trick
                                                                    • Modifies data under HKEY_USERS
                                                                    PID:6732
                                                                    • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                      powershell -nologo -noprofile
                                                                      6⤵
                                                                      • Drops file in System32 directory
                                                                      • Modifies data under HKEY_USERS
                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                      PID:6924
                                                                    • C:\Windows\system32\cmd.exe
                                                                      C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                                                      6⤵
                                                                        PID:1400
                                                                        • C:\Windows\system32\netsh.exe
                                                                          netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                                                          7⤵
                                                                          • Modifies Windows Firewall
                                                                          PID:3576
                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        powershell -nologo -noprofile
                                                                        6⤵
                                                                        • Drops file in System32 directory
                                                                        • Modifies data under HKEY_USERS
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:5764
                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                        powershell -nologo -noprofile
                                                                        6⤵
                                                                        • Modifies data under HKEY_USERS
                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                        PID:6744
                                                                      • C:\Windows\rss\csrss.exe
                                                                        C:\Windows\rss\csrss.exe
                                                                        6⤵
                                                                          PID:5264
                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                            powershell -nologo -noprofile
                                                                            7⤵
                                                                              PID:3696
                                                                            • C:\Windows\SYSTEM32\schtasks.exe
                                                                              schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                                                              7⤵
                                                                              • Creates scheduled task(s)
                                                                              PID:4032
                                                                            • C:\Windows\SYSTEM32\schtasks.exe
                                                                              schtasks /delete /tn ScheduledUpdate /f
                                                                              7⤵
                                                                                PID:4280
                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                powershell -nologo -noprofile
                                                                                7⤵
                                                                                  PID:6180
                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                  powershell -nologo -noprofile
                                                                                  7⤵
                                                                                    PID:4020
                                                                                    • C:\Windows\System32\Conhost.exe
                                                                                      \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                      8⤵
                                                                                        PID:5624
                                                                                    • C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe
                                                                                      C:\Users\Admin\AppData\Local\Temp\csrss\injector\injector.exe taskmgr.exe C:\Users\Admin\AppData\Local\Temp\csrss\injector\NtQuerySystemInformationHook.dll
                                                                                      7⤵
                                                                                        PID:6044
                                                                                      • C:\Windows\SYSTEM32\schtasks.exe
                                                                                        schtasks /CREATE /SC ONLOGON /RL HIGHEST /TR "C:\Windows\rss\csrss.exe" /TN csrss /F
                                                                                        7⤵
                                                                                        • Creates scheduled task(s)
                                                                                        PID:1976
                                                                                      • C:\Windows\windefender.exe
                                                                                        "C:\Windows\windefender.exe"
                                                                                        7⤵
                                                                                          PID:2548
                                                                                          • C:\Windows\SysWOW64\cmd.exe
                                                                                            cmd.exe /C sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                                                            8⤵
                                                                                              PID:2200
                                                                                              • C:\Windows\SysWOW64\sc.exe
                                                                                                sc sdset WinDefender D:(A;;CCLCSWRPWPDTLOCRRC;;;SY)(A;;CCDCLCSWRPLOCRSDRCWDWO;;;BA)(D;;WPDT;;;BA)(A;;CCLCSWLOCRRC;;;IU)(A;;CCLCSWLOCRRC;;;SU)S:(AU;FA;CCDCLCSWRPWPDTLOCRSDRCWDWO;;;WD)
                                                                                                9⤵
                                                                                                • Launches sc.exe
                                                                                                PID:6364
                                                                                    • C:\Users\Admin\Pictures\FxcpQC1akvPjOjARjeKKsR7y.exe
                                                                                      "C:\Users\Admin\Pictures\FxcpQC1akvPjOjARjeKKsR7y.exe"
                                                                                      4⤵
                                                                                      • Executes dropped EXE
                                                                                      • Suspicious use of AdjustPrivilegeToken
                                                                                      PID:4868
                                                                                      • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                        powershell -nologo -noprofile
                                                                                        5⤵
                                                                                        • Suspicious use of AdjustPrivilegeToken
                                                                                        PID:1368
                                                                                      • C:\Users\Admin\Pictures\FxcpQC1akvPjOjARjeKKsR7y.exe
                                                                                        "C:\Users\Admin\Pictures\FxcpQC1akvPjOjARjeKKsR7y.exe"
                                                                                        5⤵
                                                                                        • Executes dropped EXE
                                                                                        • Checks for VirtualBox DLLs, possible anti-VM trick
                                                                                        PID:2052
                                                                                        • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                          powershell -nologo -noprofile
                                                                                          6⤵
                                                                                          • Drops file in System32 directory
                                                                                          • Modifies data under HKEY_USERS
                                                                                          • Suspicious use of AdjustPrivilegeToken
                                                                                          PID:5268
                                                                                        • C:\Windows\system32\cmd.exe
                                                                                          C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                                                                          6⤵
                                                                                            PID:6452
                                                                                            • C:\Windows\system32\netsh.exe
                                                                                              netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                                                                              7⤵
                                                                                              • Modifies Windows Firewall
                                                                                              PID:6408
                                                                                          • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                            powershell -nologo -noprofile
                                                                                            6⤵
                                                                                              PID:712
                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              powershell -nologo -noprofile
                                                                                              6⤵
                                                                                                PID:2396
                                                                                          • C:\Users\Admin\Pictures\m09nlblN3fejwcnr0XgfYPB2.exe
                                                                                            "C:\Users\Admin\Pictures\m09nlblN3fejwcnr0XgfYPB2.exe"
                                                                                            4⤵
                                                                                            • Executes dropped EXE
                                                                                            • Suspicious use of AdjustPrivilegeToken
                                                                                            PID:2304
                                                                                            • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                              powershell -nologo -noprofile
                                                                                              5⤵
                                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                                              PID:6860
                                                                                            • C:\Users\Admin\Pictures\m09nlblN3fejwcnr0XgfYPB2.exe
                                                                                              "C:\Users\Admin\Pictures\m09nlblN3fejwcnr0XgfYPB2.exe"
                                                                                              5⤵
                                                                                              • Executes dropped EXE
                                                                                              • Checks for VirtualBox DLLs, possible anti-VM trick
                                                                                              PID:6480
                                                                                              • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                powershell -nologo -noprofile
                                                                                                6⤵
                                                                                                • Drops file in System32 directory
                                                                                                • Modifies data under HKEY_USERS
                                                                                                • Suspicious use of AdjustPrivilegeToken
                                                                                                PID:6988
                                                                                              • C:\Windows\system32\cmd.exe
                                                                                                C:\Windows\Sysnative\cmd.exe /C "netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes"
                                                                                                6⤵
                                                                                                  PID:6032
                                                                                                  • C:\Windows\system32\netsh.exe
                                                                                                    netsh advfirewall firewall add rule name="csrss" dir=in action=allow program="C:\Windows\rss\csrss.exe" enable=yes
                                                                                                    7⤵
                                                                                                    • Modifies Windows Firewall
                                                                                                    PID:4516
                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  powershell -nologo -noprofile
                                                                                                  6⤵
                                                                                                  • Drops file in System32 directory
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:864
                                                                                                • C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                  powershell -nologo -noprofile
                                                                                                  6⤵
                                                                                                  • Modifies data under HKEY_USERS
                                                                                                  • Suspicious use of AdjustPrivilegeToken
                                                                                                  PID:4260
                                                                                                  • C:\Windows\System32\Conhost.exe
                                                                                                    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                    7⤵
                                                                                                      PID:1408
                                                                                              • C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                "C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe" --silent --allusers=0
                                                                                                4⤵
                                                                                                • Executes dropped EXE
                                                                                                • Loads dropped DLL
                                                                                                • Enumerates connected drives
                                                                                                • Modifies system certificate store
                                                                                                PID:4920
                                                                                                • C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                  C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x29c,0x2a0,0x2a4,0x278,0x2a8,0x6b65e1d0,0x6b65e1dc,0x6b65e1e8
                                                                                                  5⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  PID:5352
                                                                                                • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\KIcZgPDV35OYFxR7Awn9R96V.exe" --version
                                                                                                  5⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  PID:3060
                                                                                                • C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                  "C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=4920 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240329101022" --session-guid=deadd818-48c2-41f8-a4f6-08f5dbe3d63f --server-tracking-blob=M2E1ZjM1NjI4YTgxNTU3YmUzMmY1NzlkNzYwZjQ4ODIwNmQ5OTVjMjFhYTJkZGUyYWEwNzllOTgwODdkOWI2Mzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N180NTYiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MDcwMjAuNjE5MSIsInV0bSI6eyJjYW1wYWlnbiI6Ijc2N180NTYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJta3QifSwidXVpZCI6IjJmNDJjMGI0LTY1MTQtNDI5Ny1hZDJlLTYwN2YzY2VhMGUyZSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=DC04000000000000
                                                                                                  5⤵
                                                                                                  • Executes dropped EXE
                                                                                                  • Loads dropped DLL
                                                                                                  • Enumerates connected drives
                                                                                                  PID:4108
                                                                                                  • C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                    C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x2c0,0x2c4,0x2c8,0x2bc,0x2cc,0x6aafe1d0,0x6aafe1dc,0x6aafe1e8
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    PID:5864
                                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe
                                                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe" --backend --initial-pid=4920 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221" --session-guid=deadd818-48c2-41f8-a4f6-08f5dbe3d63f --server-tracking-blob=M2E1ZjM1NjI4YTgxNTU3YmUzMmY1NzlkNzYwZjQ4ODIwNmQ5OTVjMjFhYTJkZGUyYWEwNzllOTgwODdkOWI2Mzp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N180NTYiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE3MDcwMjAuNjE5MSIsInV0bSI6eyJjYW1wYWlnbiI6Ijc2N180NTYiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJta3QifSwidXVpZCI6IjJmNDJjMGI0LTY1MTQtNDI5Ny1hZDJlLTYwN2YzY2VhMGUyZSJ9 --silent --desktopshortcut=1 --install-subfolder=109.0.5097.35
                                                                                                    6⤵
                                                                                                    • Executes dropped EXE
                                                                                                    • Loads dropped DLL
                                                                                                    • Registers COM server for autorun
                                                                                                    • Enumerates connected drives
                                                                                                    • Modifies registry class
                                                                                                    • Suspicious use of FindShellTrayWindow
                                                                                                    • Suspicious use of SendNotifyMessage
                                                                                                    • Suspicious use of SetWindowsHookEx
                                                                                                    PID:7148
                                                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe
                                                                                                      C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x264,0x268,0x26c,0x240,0x270,0x7ffe062a7c80,0x7ffe062a7c8c,0x7ffe062a7c98
                                                                                                      7⤵
                                                                                                      • Executes dropped EXE
                                                                                                      • Loads dropped DLL
                                                                                                      PID:5360
                                                                                                    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe
                                                                                                      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
                                                                                                      7⤵
                                                                                                        PID:5804
                                                                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x26c,0x270,0x274,0x248,0x278,0xd40040,0xd4004c,0xd40058
                                                                                                          8⤵
                                                                                                            PID:6872
                                                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --ran-launcher --install-extension="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\be76331b95dfc399cd776d2fc68021e0db03cc4f.crx"
                                                                                                          7⤵
                                                                                                            PID:3500
                                                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
                                                                                                              C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffde92c3150,0x7ffde92c3160,0x7ffde92c3170
                                                                                                              8⤵
                                                                                                                PID:6076
                                                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,11060379096950969653,2747598533664958061,262144 --variations-seed-version --mojo-platform-channel-handle=1900 /prefetch:2
                                                                                                                8⤵
                                                                                                                  PID:4980
                                                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2064,i,11060379096950969653,2747598533664958061,262144 --variations-seed-version --mojo-platform-channel-handle=1936 /prefetch:3
                                                                                                                  8⤵
                                                                                                                    PID:6576
                                                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2296,i,11060379096950969653,2747598533664958061,262144 --variations-seed-version --mojo-platform-channel-handle=2336 /prefetch:8
                                                                                                                    8⤵
                                                                                                                      PID:7084
                                                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --show-intro-overlay --start-maximized
                                                                                                                    7⤵
                                                                                                                      PID:6348
                                                                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
                                                                                                                        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffde92c3150,0x7ffde92c3160,0x7ffde92c3170
                                                                                                                        8⤵
                                                                                                                          PID:6184
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
                                                                                                                    5⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    PID:1552
                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe
                                                                                                                    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe" --version
                                                                                                                    5⤵
                                                                                                                    • Executes dropped EXE
                                                                                                                    • Loads dropped DLL
                                                                                                                    PID:5608
                                                                                                                    • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe
                                                                                                                      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0xd40040,0xd4004c,0xd40058
                                                                                                                      6⤵
                                                                                                                      • Executes dropped EXE
                                                                                                                      • Loads dropped DLL
                                                                                                                      PID:3856
                                                                                                                • C:\Users\Admin\Pictures\4F64qZ30BN4hFO61epxC6KZs.exe
                                                                                                                  "C:\Users\Admin\Pictures\4F64qZ30BN4hFO61epxC6KZs.exe"
                                                                                                                  4⤵
                                                                                                                  • Executes dropped EXE
                                                                                                                  • Suspicious use of SetThreadContext
                                                                                                                  PID:6192
                                                                                                                  • C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
                                                                                                                    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
                                                                                                                    5⤵
                                                                                                                    • Suspicious use of NtCreateUserProcessOtherParentProcess
                                                                                                                    PID:6472
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 616
                                                                                                                      6⤵
                                                                                                                      • Program crash
                                                                                                                      PID:216
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 6472 -s 612
                                                                                                                      6⤵
                                                                                                                      • Program crash
                                                                                                                      PID:6604
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -u -p 6192 -s 868
                                                                                                                    5⤵
                                                                                                                    • Program crash
                                                                                                                    PID:6624
                                                                                                              • C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe
                                                                                                                "C:\Windows\Microsoft.NET\Framework\v4.0.30319\regasm.exe"
                                                                                                                3⤵
                                                                                                                  PID:1072
                                                                                                              • C:\Windows\SysWOW64\rundll32.exe
                                                                                                                "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
                                                                                                                2⤵
                                                                                                                • Blocklisted process makes network request
                                                                                                                • Loads dropped DLL
                                                                                                                PID:6416
                                                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 516 -p 6192 -ip 6192
                                                                                                              1⤵
                                                                                                                PID:6484
                                                                                                              • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                C:\Windows\SysWOW64\WerFault.exe -pss -s 520 -p 6052 -ip 6052
                                                                                                                1⤵
                                                                                                                  PID:6576
                                                                                                                • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                  C:\Windows\SysWOW64\WerFault.exe -pss -s 508 -p 6472 -ip 6472
                                                                                                                  1⤵
                                                                                                                    PID:3444
                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 6472 -ip 6472
                                                                                                                    1⤵
                                                                                                                      PID:6556
                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -pss -s 184 -p 3036 -ip 3036
                                                                                                                      1⤵
                                                                                                                        PID:4356
                                                                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
                                                                                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
                                                                                                                        1⤵
                                                                                                                          PID:6484
                                                                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
                                                                                                                            C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0xdd0040,0xdd004c,0xdd0058
                                                                                                                            2⤵
                                                                                                                              PID:5052
                                                                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
                                                                                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
                                                                                                                              2⤵
                                                                                                                                PID:3048
                                                                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --stream
                                                                                                                                  3⤵
                                                                                                                                    PID:3756
                                                                                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
                                                                                                                                      C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x28c,0x290,0x294,0x288,0x298,0x7ffde9c33150,0x7ffde9c33160,0x7ffde9c33170
                                                                                                                                      4⤵
                                                                                                                                        PID:6380
                                                                                                                                • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                  C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                  1⤵
                                                                                                                                    PID:4088
                                                                                                                                  • C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe
                                                                                                                                    C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe
                                                                                                                                    1⤵
                                                                                                                                      PID:6208
                                                                                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --show-intro-overlay --start-maximized --lowered-browser
                                                                                                                                      1⤵
                                                                                                                                        PID:6476
                                                                                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
                                                                                                                                          C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x284,0x288,0x28c,0x280,0x290,0x7ffde92c3150,0x7ffde92c3160,0x7ffde92c3170
                                                                                                                                          2⤵
                                                                                                                                            PID:6800
                                                                                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1912,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=1916 /prefetch:2
                                                                                                                                            2⤵
                                                                                                                                              PID:760
                                                                                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2180,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=2196 /prefetch:3
                                                                                                                                              2⤵
                                                                                                                                                PID:6536
                                                                                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2312,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=2328 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:7160
                                                                                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2992,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3176 /prefetch:8
                                                                                                                                                  2⤵
                                                                                                                                                    PID:5388
                                                                                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=2996,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3196 /prefetch:8
                                                                                                                                                    2⤵
                                                                                                                                                      PID:2816
                                                                                                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=3016,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3456 /prefetch:8
                                                                                                                                                      2⤵
                                                                                                                                                        PID:5708
                                                                                                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=3024,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3664 /prefetch:8
                                                                                                                                                        2⤵
                                                                                                                                                          PID:3920
                                                                                                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --field-trial-handle=3032,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3780 /prefetch:8
                                                                                                                                                          2⤵
                                                                                                                                                            PID:864
                                                                                                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3288,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3896 /prefetch:1
                                                                                                                                                            2⤵
                                                                                                                                                              PID:3428
                                                                                                                                                            • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                              "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3304,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=4108 /prefetch:1
                                                                                                                                                              2⤵
                                                                                                                                                                PID:3468
                                                                                                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_gx_splash.exe
                                                                                                                                                                "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_gx_splash.exe" --instance-name=dbff851fa759ccb33e726f883720ae50
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:1652
                                                                                                                                                                • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3868,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=2584 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:4352
                                                                                                                                                                  • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3856,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3872 /prefetch:2
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:3044
                                                                                                                                                                    • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                      "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=3652,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3800 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:4128
                                                                                                                                                                      • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3636,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=3628 /prefetch:1
                                                                                                                                                                        2⤵
                                                                                                                                                                          PID:6288
                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                          "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3608,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:1
                                                                                                                                                                          2⤵
                                                                                                                                                                            PID:6644
                                                                                                                                                                          • C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
                                                                                                                                                                            "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:easy-setup-full-stats=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-ref:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=4244,i,12359496877108992047,7380067307331298536,262144 --variations-seed-version --mojo-platform-channel-handle=5200 /prefetch:2
                                                                                                                                                                            2⤵
                                                                                                                                                                              PID:7084
                                                                                                                                                                          • C:\Windows\windefender.exe
                                                                                                                                                                            C:\Windows\windefender.exe
                                                                                                                                                                            1⤵
                                                                                                                                                                              PID:5788
                                                                                                                                                                            • C:\Windows\system32\AUDIODG.EXE
                                                                                                                                                                              C:\Windows\system32\AUDIODG.EXE 0x300 0x494
                                                                                                                                                                              1⤵
                                                                                                                                                                                PID:6232

                                                                                                                                                                              Network

                                                                                                                                                                              MITRE ATT&CK Matrix ATT&CK v13

                                                                                                                                                                              Initial Access

                                                                                                                                                                              Execution

                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                              1
                                                                                                                                                                              T1053

                                                                                                                                                                              Persistence

                                                                                                                                                                              Create or Modify System Process

                                                                                                                                                                              1
                                                                                                                                                                              T1543

                                                                                                                                                                              Windows Service

                                                                                                                                                                              1
                                                                                                                                                                              T1543.003

                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                              2
                                                                                                                                                                              T1547

                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                              2
                                                                                                                                                                              T1547.001

                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                              1
                                                                                                                                                                              T1053

                                                                                                                                                                              Privilege Escalation

                                                                                                                                                                              Create or Modify System Process

                                                                                                                                                                              1
                                                                                                                                                                              T1543

                                                                                                                                                                              Windows Service

                                                                                                                                                                              1
                                                                                                                                                                              T1543.003

                                                                                                                                                                              Boot or Logon Autostart Execution

                                                                                                                                                                              2
                                                                                                                                                                              T1547

                                                                                                                                                                              Registry Run Keys / Startup Folder

                                                                                                                                                                              2
                                                                                                                                                                              T1547.001

                                                                                                                                                                              Scheduled Task/Job

                                                                                                                                                                              1
                                                                                                                                                                              T1053

                                                                                                                                                                              Defense Evasion

                                                                                                                                                                              Virtualization/Sandbox Evasion

                                                                                                                                                                              2
                                                                                                                                                                              T1497

                                                                                                                                                                              Impair Defenses

                                                                                                                                                                              1
                                                                                                                                                                              T1562

                                                                                                                                                                              Disable or Modify System Firewall

                                                                                                                                                                              1
                                                                                                                                                                              T1562.004

                                                                                                                                                                              Modify Registry

                                                                                                                                                                              2
                                                                                                                                                                              T1112

                                                                                                                                                                              Subvert Trust Controls

                                                                                                                                                                              1
                                                                                                                                                                              T1553

                                                                                                                                                                              Install Root Certificate

                                                                                                                                                                              1
                                                                                                                                                                              T1553.004

                                                                                                                                                                              Credential Access

                                                                                                                                                                              Unsecured Credentials

                                                                                                                                                                              5
                                                                                                                                                                              T1552

                                                                                                                                                                              Credentials In Files

                                                                                                                                                                              4
                                                                                                                                                                              T1552.001

                                                                                                                                                                              Credentials in Registry

                                                                                                                                                                              1
                                                                                                                                                                              T1552.002

                                                                                                                                                                              Discovery

                                                                                                                                                                              Query Registry

                                                                                                                                                                              9
                                                                                                                                                                              T1012

                                                                                                                                                                              Virtualization/Sandbox Evasion

                                                                                                                                                                              2
                                                                                                                                                                              T1497

                                                                                                                                                                              System Information Discovery

                                                                                                                                                                              8
                                                                                                                                                                              T1082

                                                                                                                                                                              Peripheral Device Discovery

                                                                                                                                                                              2
                                                                                                                                                                              T1120

                                                                                                                                                                              Remote System Discovery

                                                                                                                                                                              1
                                                                                                                                                                              T1018

                                                                                                                                                                              Lateral Movement

                                                                                                                                                                              Collection

                                                                                                                                                                              Data from Local System

                                                                                                                                                                              5
                                                                                                                                                                              T1005

                                                                                                                                                                              Exfiltration

                                                                                                                                                                              Command and Control

                                                                                                                                                                              Web Service

                                                                                                                                                                              1
                                                                                                                                                                              T1102

                                                                                                                                                                              Impact

                                                                                                                                                                              Resource Development

                                                                                                                                                                              Reconnaissance

                                                                                                                                                                              Replay Monitor

                                                                                                                                                                              Loading Replay Monitor...

                                                                                                                                                                              Downloads

                                                                                                                                                                              • C:\ProgramData\Are.docx
                                                                                                                                                                                Filesize

                                                                                                                                                                                11KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a33e5b189842c5867f46566bdbf7a095

                                                                                                                                                                                SHA1

                                                                                                                                                                                e1c06359f6a76da90d19e8fd95e79c832edb3196

                                                                                                                                                                                SHA256

                                                                                                                                                                                5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454

                                                                                                                                                                                SHA512

                                                                                                                                                                                f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\ProgramData\mozglue.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                593KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c8fd9be83bc728cc04beffafc2907fe9

                                                                                                                                                                                SHA1

                                                                                                                                                                                95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                                                                                                                SHA256

                                                                                                                                                                                ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                                                                                                                SHA512

                                                                                                                                                                                fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                Filesize

                                                                                                                                                                                152B

                                                                                                                                                                                MD5

                                                                                                                                                                                e0811105475d528ab174dfdb69f935f3

                                                                                                                                                                                SHA1

                                                                                                                                                                                dd9689f0f70a07b4e6fb29607e42d2d5faf1f516

                                                                                                                                                                                SHA256

                                                                                                                                                                                c91388c87878a9e2c530c6096dbdd993b0a26fefe8ad797e0133547225032d6c

                                                                                                                                                                                SHA512

                                                                                                                                                                                8374a721ea3ff3a1ea70d8a074e5c193dbba27ba7e301f19cea89d648b2378c376e48310c33fe81078cd40b1863daec935e8ac22e8e3878dc3a5bb529d028852

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                                                                                                                                Filesize

                                                                                                                                                                                152B

                                                                                                                                                                                MD5

                                                                                                                                                                                47b2c6613360b818825d076d14c051f7

                                                                                                                                                                                SHA1

                                                                                                                                                                                7df7304568313a06540f490bf3305cb89bc03e5c

                                                                                                                                                                                SHA256

                                                                                                                                                                                47a22bea2e7d0154c59bf5d8790ec68274eb05e9fa6cf0eab0d648121f1a02ac

                                                                                                                                                                                SHA512

                                                                                                                                                                                08d2366fc1ce87dbe96b9bf997e4c59c9206fcfea47c1f17b01e79aeb0580f25cac5c7349bb453a50775b2743053446653f4129f835f81f4a8547ca392557aac

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                Filesize

                                                                                                                                                                                7KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c1815136f5f92cae380f13664b8887e8

                                                                                                                                                                                SHA1

                                                                                                                                                                                ddb36487fbef6a91fe273772ae5e9f5d00cafeaf

                                                                                                                                                                                SHA256

                                                                                                                                                                                594dd830eebe34d3a3c232b7d2e787413933753828b9be2489c7cbfd00387c59

                                                                                                                                                                                SHA512

                                                                                                                                                                                2453f3304f1f98badce665695fc5d9d3f51834b0a24c37cedae2516b8458ef232024a2d0afe8ca38aa94f9fe8709988836da1f50848167d5845b2bd29df59906

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                                                Filesize

                                                                                                                                                                                6KB

                                                                                                                                                                                MD5

                                                                                                                                                                                96610cccc4d54f1278afc7d176dec8fe

                                                                                                                                                                                SHA1

                                                                                                                                                                                5990ef223bead9d4cbfa818f6ad097e325e3707c

                                                                                                                                                                                SHA256

                                                                                                                                                                                34c5f5ee7cddd563487539da01e930cb75323890ebfcd8718f6d1059f374b22b

                                                                                                                                                                                SHA512

                                                                                                                                                                                cec5da352ca63e5b32c3a3fe0874f79a313e2e2e5d78422e20e6de25118d315d6ac268090e66b9a4215fb8f9b1cb3978a15de39ab72381ed17cd03022b312e01

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                                                                                                                                Filesize

                                                                                                                                                                                16B

                                                                                                                                                                                MD5

                                                                                                                                                                                6752a1d65b201c13b62ea44016eb221f

                                                                                                                                                                                SHA1

                                                                                                                                                                                58ecf154d01a62233ed7fb494ace3c3d4ffce08b

                                                                                                                                                                                SHA256

                                                                                                                                                                                0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

                                                                                                                                                                                SHA512

                                                                                                                                                                                9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                Filesize

                                                                                                                                                                                8KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ba63320a4b19ece96010a710fb3f9a42

                                                                                                                                                                                SHA1

                                                                                                                                                                                5f73a22202d12bc802103701485b3293187bda68

                                                                                                                                                                                SHA256

                                                                                                                                                                                09ca8ea4fae964816f4f0a25043e95c2e0ff848ae109f27a0ae247142cb10945

                                                                                                                                                                                SHA512

                                                                                                                                                                                32f3cf8cc28be51c733b35852c176f0459b0aa26fbce36edd74226d4a817d109b36a5bb7748d66f2c07c6fd36cc65dffdb9fb8f8ca01a0162a350f62d36c1739

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                Filesize

                                                                                                                                                                                8KB

                                                                                                                                                                                MD5

                                                                                                                                                                                78d212c401d63f43710704fa284754d4

                                                                                                                                                                                SHA1

                                                                                                                                                                                77878cff72132740538170264d7642e458ffa21e

                                                                                                                                                                                SHA256

                                                                                                                                                                                11200f0c4350d46a7f4e8c0a0e31f394121c69f2c56140300bf56ce35772e823

                                                                                                                                                                                SHA512

                                                                                                                                                                                5313418a754ae48c01ab3f6080634c5d4d4c6e93e6938ea6f63e397fb85ac6fc6198d80b460d4d50bcfea8de61a0ae09043962bce6206137406aa65aa86d980a

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                                                Filesize

                                                                                                                                                                                11KB

                                                                                                                                                                                MD5

                                                                                                                                                                                09ea3cbb4d3013df8f43b38d8eabe1a0

                                                                                                                                                                                SHA1

                                                                                                                                                                                15a2dba39e37d984ad274a9128cbabf19df7258f

                                                                                                                                                                                SHA256

                                                                                                                                                                                6536c239543bd0671e5a4c0ba1033c53c4fda4b1718083cbd18a1c0384598421

                                                                                                                                                                                SHA512

                                                                                                                                                                                21db554aef8d84e2888b7939004228a638d4f685769652684ea5d4ea43da94158b52c29eb351a26319f3d8d3cefb92a67d26a1133f4122d5c3482a6443f60cb8

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Programs\Opera\installer_prefs.json
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                2b76d22e56635b56d7437958cdc57be4

                                                                                                                                                                                SHA1

                                                                                                                                                                                fab9fe661f7976f3ba640e1161814d5c6f9e8dc5

                                                                                                                                                                                SHA256

                                                                                                                                                                                88b696ce83b76ac135d57c99955c190c8da95e7ccd0fc8573f4f530dd6ce2733

                                                                                                                                                                                SHA512

                                                                                                                                                                                a74fd9b5b967e86e975562895ce8fdb8c38f276706e43f79a9258f9cb567b2c1075879ad4d9011aa6cdd9462f9536bec85c5b1d3023ba3d7edb71ffe18aa78c4

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\Opera Browser.lnk
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                29324603c128109a0420821176cd98c9

                                                                                                                                                                                SHA1

                                                                                                                                                                                d34dc033fc4137bffd4245339ebecf17400ce1a0

                                                                                                                                                                                SHA256

                                                                                                                                                                                11d4b25077b0727284a72dd051f0e6e9d96a0a5158c35749386df6bc589d8911

                                                                                                                                                                                SHA512

                                                                                                                                                                                505ed9e1350659fd19e9a592b07ee0e43184a8f4ef9a81da0d05c426423d4a23df3c1b446aace3b1116455dc32b083cf17ccde04a6ae525e6fe327afb0969931

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\additional_file0.tmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.5MB

                                                                                                                                                                                MD5

                                                                                                                                                                                20d293b9bf23403179ca48086ba88867

                                                                                                                                                                                SHA1

                                                                                                                                                                                dedf311108f607a387d486d812514a2defbd1b9e

                                                                                                                                                                                SHA256

                                                                                                                                                                                fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348

                                                                                                                                                                                SHA512

                                                                                                                                                                                5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\installer_prefs_include.json
                                                                                                                                                                                Filesize

                                                                                                                                                                                230B

                                                                                                                                                                                MD5

                                                                                                                                                                                82ca55d161189b1e7021f35a1f3e3918

                                                                                                                                                                                SHA1

                                                                                                                                                                                0301a745de202a7c5df9b22da57c5a200303f76e

                                                                                                                                                                                SHA256

                                                                                                                                                                                b9c00ce7544e192578af26f27797fb681d000ac82b608f8fdaeb8b2cc36aa256

                                                                                                                                                                                SHA512

                                                                                                                                                                                cb862a7800cbb3bb5cef5a37f0dc767c0cf9ace4c202c8a6601336104e841b8a447fd0f822ef53718dbffefd3d042a1baf3ed404811eeec5414d9d3ea6b843fa

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\installer_prefs_include.json
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                b9ccdffb518d11386a5a98dde4b77197

                                                                                                                                                                                SHA1

                                                                                                                                                                                97d897c4146b2d92bc7c43228402e206a056e414

                                                                                                                                                                                SHA256

                                                                                                                                                                                0fe30803ddcbe4c01d4ca16cd71c652adcdd3f4df9422bd8025229c11eed78d6

                                                                                                                                                                                SHA512

                                                                                                                                                                                e008f48df17cb2cbbfb6f7e0a526c41821dd17d1e207c73464079a256d9a510f383034166e655d5bd3f887a7ef16fcca9312789034bd872756442e97a82f99b1

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\installer_prefs_include.json.backup
                                                                                                                                                                                Filesize

                                                                                                                                                                                215B

                                                                                                                                                                                MD5

                                                                                                                                                                                1dfea2f25a19565f470b972abc641812

                                                                                                                                                                                SHA1

                                                                                                                                                                                cda808cdd109fc8c4d58e35431310c9294206eb5

                                                                                                                                                                                SHA256

                                                                                                                                                                                33c4e288a3dd87a164847de8ae36e742e7c22da0d8b4fbd6b78ff74b1f208478

                                                                                                                                                                                SHA512

                                                                                                                                                                                d23d05799d824266550ecd56f1d95c9f8ac028c645d6cc371773b140316f5edb996ad9b89b4af7f3856a95f074f36286dde70dcdbd19a2616dd1d01d135d5d3b

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202403291010221\opera_package
                                                                                                                                                                                Filesize

                                                                                                                                                                                103.9MB

                                                                                                                                                                                MD5

                                                                                                                                                                                401c352990789be2f40fe8f9c5c7a5ac

                                                                                                                                                                                SHA1

                                                                                                                                                                                d7c1e902487511d3f4e1a57abdee8a94d5483ed4

                                                                                                                                                                                SHA256

                                                                                                                                                                                f62f4ebc7eca46d9cddfb02cc0305da5efdd6f3601fb0f53da555e19558869a3

                                                                                                                                                                                SHA512

                                                                                                                                                                                efc6d4224e3721e91efb2ea8f4b74685cba607260c69d08eac26866c52b8127080a42799d9f76ab1661b8ca63c946fcf35dddf0a63ab3cd258ea44a27dd769c8

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.8MB

                                                                                                                                                                                MD5

                                                                                                                                                                                b2e05d2e690a891bc23fad747703033f

                                                                                                                                                                                SHA1

                                                                                                                                                                                b121788896290d34bea15b3b60793434948d6636

                                                                                                                                                                                SHA256

                                                                                                                                                                                5c5c55ed366652aafee3e02431937ac850873d9a4efb8aaf4f0497e2289b1d64

                                                                                                                                                                                SHA512

                                                                                                                                                                                ab0a7da0e651fe30fce358dd73803b6ac07e04864e979ce8831b03a523386efc0420491d1b429e295e1695dcf983ed2ef425385c125938ab8e57982fc2ef1a44

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000042001\faf76924b5.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.0MB

                                                                                                                                                                                MD5

                                                                                                                                                                                d5d4798d19cd046ef97ee8c0bc941504

                                                                                                                                                                                SHA1

                                                                                                                                                                                cf129e9b01bfa5274fee3b1940698778d395c416

                                                                                                                                                                                SHA256

                                                                                                                                                                                3305e263708f96c3a443fbc46be373f74f72080edc1bb5f9251dbe6acd96099f

                                                                                                                                                                                SHA512

                                                                                                                                                                                f5e212f29bb6a945bc9accef1139f9a3f3dd5a73d94aa3245e696c5779adbd02576728e18a7c191e585f288133d0ad97491b32f15a1754133ff5c46bdb88d5be

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                894KB

                                                                                                                                                                                MD5

                                                                                                                                                                                2f8912af892c160c1c24c9f38a60c1ab

                                                                                                                                                                                SHA1

                                                                                                                                                                                d2deae508e262444a8f15c29ebcc7ebbe08a3fdb

                                                                                                                                                                                SHA256

                                                                                                                                                                                59ff8e0aa665fbbf749c7548906a655cb1869bb58a3b7546efa5b416d19e6308

                                                                                                                                                                                SHA512

                                                                                                                                                                                0395383bde98d358b0a7f2224f903dff026ce0c6d90feb49ac0e6993ef692143b0eb25da84d9cdc9e7b373a7b75a6dbaef14746eda1bff165d59f07ca51a16bb

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.8MB

                                                                                                                                                                                MD5

                                                                                                                                                                                c960d2677f3dce3d51771422c54116a3

                                                                                                                                                                                SHA1

                                                                                                                                                                                89c7afe32a00ddff7744874d552672dbbd8882ab

                                                                                                                                                                                SHA256

                                                                                                                                                                                463787efd1e5d6c50e3120af29db8f8ecc70a6c346d18e20220f4b104f18bd4b

                                                                                                                                                                                SHA512

                                                                                                                                                                                42a093a7ac68b614b403f73ebe8dfff8ac7a103df64d633452d9951bb5a45108948a2f944f311662039ae85875ef844ed34877fff2d64c37da1caeb82ed91b04

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.7MB

                                                                                                                                                                                MD5

                                                                                                                                                                                85a15f080b09acace350ab30460c8996

                                                                                                                                                                                SHA1

                                                                                                                                                                                3fc515e60e4cfa5b3321f04a96c7fb463e4b9d02

                                                                                                                                                                                SHA256

                                                                                                                                                                                3a2006bc835a8ffe91b9ee9206f630b3172f42e090f4e8d90be620e540f5ef6b

                                                                                                                                                                                SHA512

                                                                                                                                                                                ade5e3531dfa1a01e6c2a69deb2962cbf619e766da3d6e8e3453f70ff55ccbcbe21381c7b97a53d67e1ca88975f4409b1a42a759e18f806171d29e4c3f250e9f

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                301KB

                                                                                                                                                                                MD5

                                                                                                                                                                                832eb4dc3ed8ceb9a1735bd0c7acaf1b

                                                                                                                                                                                SHA1

                                                                                                                                                                                b622a406927fbb8f6cd5081bd4455fb831948fca

                                                                                                                                                                                SHA256

                                                                                                                                                                                2a82243697e2eec45bedc754adcdc1f6f41724a40c6d7d96fd41ad144899b6f7

                                                                                                                                                                                SHA512

                                                                                                                                                                                3ab8b25732a7152608be101a3daf0d55833c554ab968be8b3b79a49e1831f3ee0eeeb9586a3334fa387b1f160fd15e98a80dcfece559c9c257b44ef962874894

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                499KB

                                                                                                                                                                                MD5

                                                                                                                                                                                83d0b41c7a3a0d29a268b49a313c5de5

                                                                                                                                                                                SHA1

                                                                                                                                                                                46f3251c771b67b40b1f3268caef8046174909a5

                                                                                                                                                                                SHA256

                                                                                                                                                                                09cc3364d5e1c15228822926bc65ce290c487dc3b7c0345bf265538110fa9cc9

                                                                                                                                                                                SHA512

                                                                                                                                                                                705ecc7c421338e37ed0d58c2d9fad03fb3565db422a0c9d895e75a399bf5f2a70cfe3ffdc860ffe010d4d1a213e0a844aeadb89ea8e0c830a2fc8c03b7669b5

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1001050001\NewB.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                418KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0099a99f5ffb3c3ae78af0084136fab3

                                                                                                                                                                                SHA1

                                                                                                                                                                                0205a065728a9ec1133e8a372b1e3864df776e8c

                                                                                                                                                                                SHA256

                                                                                                                                                                                919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226

                                                                                                                                                                                SHA512

                                                                                                                                                                                5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                464KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c084d6f6ba40534fbfc5a64b21ef99ab

                                                                                                                                                                                SHA1

                                                                                                                                                                                0b4a17da83c0a8abbc8fab321931d5447b32b720

                                                                                                                                                                                SHA256

                                                                                                                                                                                afd83290a2adb219c3f1b8fbf23c27b0994fe76dfbb7dc0b416530dc0e21f624

                                                                                                                                                                                SHA512

                                                                                                                                                                                a5384a2f7029cf946fde44e1ff30775754ce525ca5a6fdac14184872b6e684cb6e585053cb86d32f82cbd3db48eb195ba3a642d8ee3774be579fccd993938ca1

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\1001055001\file300un.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                386KB

                                                                                                                                                                                MD5

                                                                                                                                                                                16f67f1a6e10f044bc15abe8c71b3bd6

                                                                                                                                                                                SHA1

                                                                                                                                                                                ce0101205b919899a2a2f577100377c2a6546171

                                                                                                                                                                                SHA256

                                                                                                                                                                                41cca3fa0f500dc6c17d1f02fc906d2b0c769210af9c4286760b84ecf46cab89

                                                                                                                                                                                SHA512

                                                                                                                                                                                a11db01bf55e3497644918c7dcc6180e0911261f39f062e653f000e1365dc9668fe5bd1d0fee0ae5c740a6477bcea510ba8c5ff6831c3bdb0d7c0590d2487e3c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2403291010225103060.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.6MB

                                                                                                                                                                                MD5

                                                                                                                                                                                117176ddeaf70e57d1747704942549e4

                                                                                                                                                                                SHA1

                                                                                                                                                                                75e3ab6b3469d93cce9ea2f7e22b71b987ccdf2b

                                                                                                                                                                                SHA256

                                                                                                                                                                                3c5b34de987116a4d3240e319c0da89a951c96b81e6705476a0fea27b22b20af

                                                                                                                                                                                SHA512

                                                                                                                                                                                ca2a356929c92d314aab63d7f3b246d72783212dfa3a4507f28d41a51ca0eedc78e85b1cd453aa8e02c12509f847a0216bb702154f903291c804c8a98ec378b9

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\Tmp97EA.tmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1420d30f964eac2c85b2ccfe968eebce

                                                                                                                                                                                SHA1

                                                                                                                                                                                bdf9a6876578a3e38079c4f8cf5d6c79687ad750

                                                                                                                                                                                SHA256

                                                                                                                                                                                f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

                                                                                                                                                                                SHA512

                                                                                                                                                                                6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ql1nedq3.hrh.ps1
                                                                                                                                                                                Filesize

                                                                                                                                                                                60B

                                                                                                                                                                                MD5

                                                                                                                                                                                d17fe0a3f47be24a6453e9ef58c94641

                                                                                                                                                                                SHA1

                                                                                                                                                                                6ab83620379fc69f80c0242105ddffd7d98d5d9d

                                                                                                                                                                                SHA256

                                                                                                                                                                                96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

                                                                                                                                                                                SHA512

                                                                                                                                                                                5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\iolo\dm\ioloDMLog.txt
                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                14fe762cc4e75aedfe943f6b4c195e9c

                                                                                                                                                                                SHA1

                                                                                                                                                                                d6867af4b8aadafbfc810daa8b9479c8a1a97cfd

                                                                                                                                                                                SHA256

                                                                                                                                                                                abc25fd75a014b3abffc273d6dff2b5e5c33e7be54b4e7c56c2fb69ae874e620

                                                                                                                                                                                SHA512

                                                                                                                                                                                cf3b19b1e0ba73bde8839a40939edbf4a6ba857179d79a7975ae6ca44f27b162ac70358fbd009679e84d55b51f0963b4c25f79652f53236c4175d7697a8f375e

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\iolo\dm\ioloDMLog.txt
                                                                                                                                                                                Filesize

                                                                                                                                                                                3KB

                                                                                                                                                                                MD5

                                                                                                                                                                                6b56acb7e00803fa3c0d5dbecf1d4071

                                                                                                                                                                                SHA1

                                                                                                                                                                                a2c059d9bbe353bcf97635b2e3ed06b5867e47b4

                                                                                                                                                                                SHA256

                                                                                                                                                                                42cf8001d5605877039c256d7a2172af990a3677573b5f3b2bb56f04e68f6736

                                                                                                                                                                                SHA512

                                                                                                                                                                                852df879fdd3d73fb06a22399c6c7e8363ceed7db115c53f78d24ac228044a5bf22a722c3e8c6bed8ad233f69394fcffcd709a65f9cc7eebaeed4d52fd1dc3fd

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpAF7C.tmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                20KB

                                                                                                                                                                                MD5

                                                                                                                                                                                49693267e0adbcd119f9f5e02adf3a80

                                                                                                                                                                                SHA1

                                                                                                                                                                                3ba3d7f89b8ad195ca82c92737e960e1f2b349df

                                                                                                                                                                                SHA256

                                                                                                                                                                                d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

                                                                                                                                                                                SHA512

                                                                                                                                                                                b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpAFCD.tmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                48KB

                                                                                                                                                                                MD5

                                                                                                                                                                                349e6eb110e34a08924d92f6b334801d

                                                                                                                                                                                SHA1

                                                                                                                                                                                bdfb289daff51890cc71697b6322aa4b35ec9169

                                                                                                                                                                                SHA256

                                                                                                                                                                                c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

                                                                                                                                                                                SHA512

                                                                                                                                                                                2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\tmpAFEF.tmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                116KB

                                                                                                                                                                                MD5

                                                                                                                                                                                f70aa3fa04f0536280f872ad17973c3d

                                                                                                                                                                                SHA1

                                                                                                                                                                                50a7b889329a92de1b272d0ecf5fce87395d3123

                                                                                                                                                                                SHA256

                                                                                                                                                                                8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

                                                                                                                                                                                SHA512

                                                                                                                                                                                30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\u4o4.0.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                234KB

                                                                                                                                                                                MD5

                                                                                                                                                                                13b0134ba1fb3c444639f8e02f003dbc

                                                                                                                                                                                SHA1

                                                                                                                                                                                059954593a06c29579ade738826f088735327250

                                                                                                                                                                                SHA256

                                                                                                                                                                                7866eccdb6eafe9e729252d82cdc300bf1567dc02e3c50beb530c44da0f2cd27

                                                                                                                                                                                SHA512

                                                                                                                                                                                6a4a091380c189ac892eb74024f519928a0a9e60d7cf0fe7d57fdfdcedc32bad3b94c73032e323972c38abbaa3e57276e1736c7dab3fcb2dd5c63c2f173dc2b7

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Local\Temp\u4o4.1.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.6MB

                                                                                                                                                                                MD5

                                                                                                                                                                                397926927bca55be4a77839b1c44de6e

                                                                                                                                                                                SHA1

                                                                                                                                                                                e10f3434ef3021c399dbba047832f02b3c898dbd

                                                                                                                                                                                SHA256

                                                                                                                                                                                4f07e1095cc915b2d46eb149d1c3be14f3f4b4bd2742517265947fd23bdca5a7

                                                                                                                                                                                SHA512

                                                                                                                                                                                cf54136b977fc8af7e8746d78676d0d464362a8cfa2213e392487003b5034562ee802e6911760b98a847bddd36ad664f32d849af84d7e208d4648bd97a2fa954

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                109KB

                                                                                                                                                                                MD5

                                                                                                                                                                                2afdbe3b99a4736083066a13e4b5d11a

                                                                                                                                                                                SHA1

                                                                                                                                                                                4d4856cf02b3123ac16e63d4a448cdbcb1633546

                                                                                                                                                                                SHA256

                                                                                                                                                                                8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee

                                                                                                                                                                                SHA512

                                                                                                                                                                                d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.2MB

                                                                                                                                                                                MD5

                                                                                                                                                                                92fbdfccf6a63acef2743631d16652a7

                                                                                                                                                                                SHA1

                                                                                                                                                                                971968b1378dd89d59d7f84bf92f16fc68664506

                                                                                                                                                                                SHA256

                                                                                                                                                                                b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72

                                                                                                                                                                                SHA512

                                                                                                                                                                                b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
                                                                                                                                                                                Filesize

                                                                                                                                                                                40B

                                                                                                                                                                                MD5

                                                                                                                                                                                9d6205793801c81066b7d974eeb0d5c9

                                                                                                                                                                                SHA1

                                                                                                                                                                                701ee8c6d4cdae2961be9cb2bfdd74f84efaea48

                                                                                                                                                                                SHA256

                                                                                                                                                                                b1bc42270fe536dc0785542b2217c9ac0cb03b3a299ca585b7247c52a386add1

                                                                                                                                                                                SHA512

                                                                                                                                                                                ca74c1b9a39127e4953c39cbc394d5ebced7a206628c5d27eb0c661c670c40f57d965555d2a7ff3a7dcd9abc755912f7f0b1b810cbd87fe57f17ae15da65730e

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\DawnCache\data_1
                                                                                                                                                                                Filesize

                                                                                                                                                                                264KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d0d388f3865d0523e451d6ba0be34cc4

                                                                                                                                                                                SHA1

                                                                                                                                                                                8571c6a52aacc2747c048e3419e5657b74612995

                                                                                                                                                                                SHA256

                                                                                                                                                                                902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

                                                                                                                                                                                SHA512

                                                                                                                                                                                376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Extension Rules\CURRENT
                                                                                                                                                                                Filesize

                                                                                                                                                                                16B

                                                                                                                                                                                MD5

                                                                                                                                                                                46295cac801e5d4857d09837238a6394

                                                                                                                                                                                SHA1

                                                                                                                                                                                44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                                                                                                                                SHA256

                                                                                                                                                                                0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                                                                                                                                SHA512

                                                                                                                                                                                8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Extension Scripts\MANIFEST-000001
                                                                                                                                                                                Filesize

                                                                                                                                                                                41B

                                                                                                                                                                                MD5

                                                                                                                                                                                5af87dfd673ba2115e2fcf5cfdb727ab

                                                                                                                                                                                SHA1

                                                                                                                                                                                d5b5bbf396dc291274584ef71f444f420b6056f1

                                                                                                                                                                                SHA256

                                                                                                                                                                                f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

                                                                                                                                                                                SHA512

                                                                                                                                                                                de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences
                                                                                                                                                                                Filesize

                                                                                                                                                                                7KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d0b3a18185bae7d877332d349b0f48c8

                                                                                                                                                                                SHA1

                                                                                                                                                                                d470a2d226edacdedccffd5dd26a3b54105fee40

                                                                                                                                                                                SHA256

                                                                                                                                                                                224a31be0f8f6fd991db500653ac6d77c3b2168e37cdd56b3331458ddc6288e1

                                                                                                                                                                                SHA512

                                                                                                                                                                                8f8b0fe504520ba77a8ca12e24d9439c420e888104c06942bf7e834d7f772299448a1ef8cea81c5ccb09cd7860c7136062f6fad5c5966352199f3cfdb94bfdf2

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences
                                                                                                                                                                                Filesize

                                                                                                                                                                                8KB

                                                                                                                                                                                MD5

                                                                                                                                                                                4da34b984064755dfe9f75a6b4363797

                                                                                                                                                                                SHA1

                                                                                                                                                                                d77a04ad15e415e3aabe748595ffdea6cb7fe420

                                                                                                                                                                                SHA256

                                                                                                                                                                                26803c2829b736ad965df7a3a39d4c825a9bff51dc51579443437ecedf6f16c8

                                                                                                                                                                                SHA512

                                                                                                                                                                                3ab27b48fc2db3540526fcd4b8f9e74f8b924e9109d719d0a5bd72f0013dc3118d48068493b83927de76a1207727ef9332a7f873ce841b7a0f1cb1c93a2c7d9d

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences~RFe58753b.TMP
                                                                                                                                                                                Filesize

                                                                                                                                                                                7KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d63a5ac7d1bb9dcc5fdbc0cbc8ae31a0

                                                                                                                                                                                SHA1

                                                                                                                                                                                0cf8a48c750a1a4de0a048ebea43df54bea920b6

                                                                                                                                                                                SHA256

                                                                                                                                                                                a5660f4874c87ef2379301c76e7e59b30b41768b59cb3e40d1c3c2d77b292463

                                                                                                                                                                                SHA512

                                                                                                                                                                                1e7782d814272c480a59290243c78932df5251929af4fcee3ad749d80f750f3476328f78e6c98d5b95f24d395a66bd3c185550f7acd1d828699eca7b71e33f84

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Secure Preferences
                                                                                                                                                                                Filesize

                                                                                                                                                                                71KB

                                                                                                                                                                                MD5

                                                                                                                                                                                39f3edef7dae612e26156728243a2fb1

                                                                                                                                                                                SHA1

                                                                                                                                                                                e54d555358a0670fb2ffda3a893327620dc4e064

                                                                                                                                                                                SHA256

                                                                                                                                                                                35072d1b348f244a06c4ac7c2580d12e39d097e4fdfcac9cfdfd55653211f2b5

                                                                                                                                                                                SHA512

                                                                                                                                                                                53f1f284219c3360c921b91e801323057c080216e2408d54e2bcb7caedd52fd102253845b93d4409e6aff41b3c90e564ad6d5a1b56747756c404f2f160c07c78

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                461B

                                                                                                                                                                                MD5

                                                                                                                                                                                890d0f43720ca94cd9d5a80a364d7069

                                                                                                                                                                                SHA1

                                                                                                                                                                                cfe45767a778065a9ed0e0146cdfe40b01fd993d

                                                                                                                                                                                SHA256

                                                                                                                                                                                3f093f484e7425ea68bc28b38dfdf3b6e94d3044287adb29638e8b5ffe99e4ce

                                                                                                                                                                                SHA512

                                                                                                                                                                                d82648085dac3cfa97cca24ed65503bc604fe4ee350b0725875b5f883f48f158b301cc8b6b1e99473c883f0a74cf05722368d460b02a9ed890337f0c51668793

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                941B

                                                                                                                                                                                MD5

                                                                                                                                                                                c5c9c72d4974f9a1a6c27e00ee5316a8

                                                                                                                                                                                SHA1

                                                                                                                                                                                7baeb0deac0e766c92a9907165d5819bd5825dc4

                                                                                                                                                                                SHA256

                                                                                                                                                                                c22380b2d42a56be106462a0c3f80433e1570e00f4a21b98311a09fdb37a66d7

                                                                                                                                                                                SHA512

                                                                                                                                                                                fe9c5c5103ce592c7eeb543d9117593d3d5b0df2e3473a04f0d8d943bd858d587687e1105af0b5d137e4f6d8cac42257f86270f530807e2511cb8ac7d6ee3f63

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                44c00a7a358f5cbd24de780af60e443f

                                                                                                                                                                                SHA1

                                                                                                                                                                                80094b85c11dbe73ddee3ffb87374940a84f9200

                                                                                                                                                                                SHA256

                                                                                                                                                                                34c9b58049191cb66aa9fa3a9b6a4391fb4e28f86fd61bb443d7ab9f5dd0bb65

                                                                                                                                                                                SHA512

                                                                                                                                                                                43a5a303751c66eb586ed4ef600a1553bc755b690a31e4ae2d086f190cd8d1a7d656f387efce28da90742f1b281232a63fb3280414bf483a961559704a09995c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                573B

                                                                                                                                                                                MD5

                                                                                                                                                                                f67230efab6509f5af9d773b9157ef35

                                                                                                                                                                                SHA1

                                                                                                                                                                                6e409f3e93887705b4bc2f1b6b02c2074d44cf49

                                                                                                                                                                                SHA256

                                                                                                                                                                                a6a9140a24063fb07c275fca87f7559c49ff5729ff9588f1dae2a9d559d8d9fa

                                                                                                                                                                                SHA512

                                                                                                                                                                                fdef1c18d0b51a81c89fc3d2e14d8f11a45514010502617ad0f53dc0914a939b33e11c394594458022a131c01b767aae0a1cdcb9936a933d41ca59b5620fffc3

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                669B

                                                                                                                                                                                MD5

                                                                                                                                                                                656ed64bdd9d64bd35327cfdca6c64eb

                                                                                                                                                                                SHA1

                                                                                                                                                                                86c9692efdcedee9736ea2a7304888ad34628057

                                                                                                                                                                                SHA256

                                                                                                                                                                                1e843fb58d117325494ab454bfa62d6f3bbe8ee63c4afac13c6a7e086f151126

                                                                                                                                                                                SHA512

                                                                                                                                                                                247011e28f7a921ad3a583e38560d38bcdfe9991bf0308560c4574a9e992bb399a8ab9a89c94954ba9519cabfde8c32f0217982f7d92a36053e2092f73e45f6c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                797B

                                                                                                                                                                                MD5

                                                                                                                                                                                b2876006da8a732b790e3dd81f550c3b

                                                                                                                                                                                SHA1

                                                                                                                                                                                e8b7aa17b5ecda660a730729628854ccd29b836d

                                                                                                                                                                                SHA256

                                                                                                                                                                                dab8d6315e552dd3f12ccefb1a1ef652997a60029d2ddd9c71db3a6344eaaac9

                                                                                                                                                                                SHA512

                                                                                                                                                                                7596d302e007d60fd749d43357fbd2f2c1c693a1ea502439d71a58fa7f0e76e6a269960e32ab9952d526db34324fdb007fd7627637a314913059ef316ca1e5a4

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                909B

                                                                                                                                                                                MD5

                                                                                                                                                                                affb69817338c38c910c1a0101bf621b

                                                                                                                                                                                SHA1

                                                                                                                                                                                dc4e4f1fcc4dc44828d7f3fc2ee5fc0597fb9432

                                                                                                                                                                                SHA256

                                                                                                                                                                                78fd0980ef7e89f5575256411b26f3556a7cd2ac2a2dab8ced48df1ef4158c22

                                                                                                                                                                                SHA512

                                                                                                                                                                                7fc81a2eca3a635d7022dd2b7d275589e8708fc064c02126e0abe1bdd3ffd3267d10d660030b6de5e1b64160634e9a55753aa42a0f1b8b871316d7848b0d9a5c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                989B

                                                                                                                                                                                MD5

                                                                                                                                                                                7b2ec63590a3a33003676daaed6d438e

                                                                                                                                                                                SHA1

                                                                                                                                                                                fa7f62d8ee2e783104bde365108b195720a72dd8

                                                                                                                                                                                SHA256

                                                                                                                                                                                9c06049d5b12b60fa5ebc6da660862adaae4126b3ece56fa96141ffbba011370

                                                                                                                                                                                SHA512

                                                                                                                                                                                f5db35134044c525b815f55bfe7c735be7ebf76628530590530fc44665d778e0beedbbf9885efdb5a500ffaf8963c5cc189c1fbe594cbc75d851dbf489d18c6c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                f980d7f491c4263ada8298add91d8c13

                                                                                                                                                                                SHA1

                                                                                                                                                                                b34f1a1fb9cb679eb0e85e8a43d5e1740328eb1b

                                                                                                                                                                                SHA256

                                                                                                                                                                                f5f278448901c5a3b6c43129b3eb79bad0f678b4e4c992254686864ef19a8ce3

                                                                                                                                                                                SHA512

                                                                                                                                                                                4e162f12cc13e3ff19b30ca8a6b2ba9adc8164f5933a39e8520c8e2eb771ee86b00742bc542e551893f90e4812bd02e77cc23743f2effec6fcbdabf7a6fd4b7f

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d3d539b3a5a5826b1866305dd94082d9

                                                                                                                                                                                SHA1

                                                                                                                                                                                d67db30056a42a82a2db011642e50307b59e9d41

                                                                                                                                                                                SHA256

                                                                                                                                                                                0006da5250233cc79c4ba9567365429e9252793c0aa06ebb4b12d8eb2ec59399

                                                                                                                                                                                SHA512

                                                                                                                                                                                1901fb109c99573cce25c85cfd6793336ff82905031ede87b43caafe78b2c6bcae890f234aa6ce2f77d6387616be5e51b224714c7bb0d61c2211ec9220c74b11

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                a53e5a608117e1dc11d006ec1f9fb710

                                                                                                                                                                                SHA1

                                                                                                                                                                                1670c42d3a184e737acf3a9615363caff3e4b4da

                                                                                                                                                                                SHA256

                                                                                                                                                                                d8c29660ce14fa4895f4e2306534da426f40ff787e406794ac9549b2058565ba

                                                                                                                                                                                SHA512

                                                                                                                                                                                b34c527508389b92c057d2a44cc0fd62da7aae54dcaa0ff44c14a0112a2f3bd6a829c0831517d09ddc905f29e93d85bd9e387e87abf3942252664238dda1c77d

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                de93560c4536a549fabae9d1f1b92587

                                                                                                                                                                                SHA1

                                                                                                                                                                                40a98e330286fae4c1d5083a1e8b9200ba715ac7

                                                                                                                                                                                SHA256

                                                                                                                                                                                5b269a79c750f9b944ac1e7cadd184a7145d814bd5e348f88c34f5b1af21e33e

                                                                                                                                                                                SHA512

                                                                                                                                                                                fd599efef6d64d8590c7aefc11dc6032e077247a06895998d7fde6fda087d573273ada062ff8e5e7dd6c53d6d68e252b507ea1ae02837c82acbf31c4a14b5752

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                c7771e03a0a1e4aee2b179027709fc21

                                                                                                                                                                                SHA1

                                                                                                                                                                                e3faab020735d5ee2b0ee00857503542dca52bb7

                                                                                                                                                                                SHA256

                                                                                                                                                                                f8c5fa58093f3e162336a60df7f6f91a2d28cd1cd3d86629896081bbbb8e5f2b

                                                                                                                                                                                SHA512

                                                                                                                                                                                5d60be2616324836fd90cae6265cadfb2780f7788efc9557494fed8ae0e86e2d9475487de3ac9af99f163ca5fbbebdacf947d8aeabfe2b3a85f397d9129d1d2a

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                1KB

                                                                                                                                                                                MD5

                                                                                                                                                                                d808fac6d08d7de70375ae925d79ff23

                                                                                                                                                                                SHA1

                                                                                                                                                                                260d7018f113b5364a1d995f1e73c3b6ac853062

                                                                                                                                                                                SHA256

                                                                                                                                                                                4af5c67ca78ed12a145b7709188b225b5d0fd668c2c50a746599a6c456b3aab6

                                                                                                                                                                                SHA512

                                                                                                                                                                                60a720f7344f6f5ab5fb3296a585a035a92ca72295cb71280ec886b591514e3f9b92a3ace5a9d5552b421d5bfc57a234bf7885cef1ed7555825a8ff632a8f77a

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                MD5

                                                                                                                                                                                48c0dba897df00aefa0aa564b35064ed

                                                                                                                                                                                SHA1

                                                                                                                                                                                254f0f245b120a2361cdc17110aeb65fb6ed090c

                                                                                                                                                                                SHA256

                                                                                                                                                                                c8012346da484373352c6ec6e5cf34ab2ed55a0591c4390bc5e5650e3e358caf

                                                                                                                                                                                SHA512

                                                                                                                                                                                2b3b470bf045eb4e31aac39a328489285e64655091696d6ca085cde733fdd6220a63058a22ca57654e61cdcba1f9ba108492b43f15045eaac7392440f94154c7

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_452b43fd-be21-4bfa-9ae4-2bbe82b5a347.raw~RFe5908d0.TMP
                                                                                                                                                                                Filesize

                                                                                                                                                                                365B

                                                                                                                                                                                MD5

                                                                                                                                                                                cd497fd87594260ebf4c83d29df5b717

                                                                                                                                                                                SHA1

                                                                                                                                                                                c15518c7769484e477a8b6e8240039cb24f09d9b

                                                                                                                                                                                SHA256

                                                                                                                                                                                ab9ff9720f34e97cbbec258fdfa8d3cc9b552732935f2585af94583c10924d9a

                                                                                                                                                                                SHA512

                                                                                                                                                                                7aaf89526475bfa0ffef98d5fb17a889d6e8d3a95ab88d4b25c6aa732c55a05764e75e31c8e9d2ec4f38ac6e3ecdde033ec573b06dff9fc1969107edfed10c1a

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GraphiteDawnCache\data_2
                                                                                                                                                                                Filesize

                                                                                                                                                                                8KB

                                                                                                                                                                                MD5

                                                                                                                                                                                0962291d6d367570bee5454721c17e11

                                                                                                                                                                                SHA1

                                                                                                                                                                                59d10a893ef321a706a9255176761366115bedcb

                                                                                                                                                                                SHA256

                                                                                                                                                                                ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

                                                                                                                                                                                SHA512

                                                                                                                                                                                f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State
                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                ebb50e6dd3d88d12d8bd5a1b0604e767

                                                                                                                                                                                SHA1

                                                                                                                                                                                d7676ef59f552549627fd258461f20d7d230a46b

                                                                                                                                                                                SHA256

                                                                                                                                                                                ba422ce74a4dc463f00b9052bcb09ad447cb39bad373722bfb7263367a1353e5

                                                                                                                                                                                SHA512

                                                                                                                                                                                c647259aa4d5754065e9c6ef34f6b34491e0a72404379d9dcc468b8fa3c97a75799d2d90491b5d39d65d20d03832b6b987873177b0144ad0d46053d2546545f0

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State
                                                                                                                                                                                Filesize

                                                                                                                                                                                3KB

                                                                                                                                                                                MD5

                                                                                                                                                                                72d5bfb5ee7b8aa49969ea6fac5cf9f1

                                                                                                                                                                                SHA1

                                                                                                                                                                                ce0d2ab0c67ce497c6177f5eef1f5a229732da8c

                                                                                                                                                                                SHA256

                                                                                                                                                                                f9ac81dce8f98e7673db8d97edd0ef3980f8fa36852a95407c815c600c776d70

                                                                                                                                                                                SHA512

                                                                                                                                                                                d66a82db9c01bc132fb61d6d507226b54cc9ed2a3f8e74c39d850a5edc9c6b06d1a9e997b7cc089c585f378c1101f24e7438b4475933ff0edebea7726e00adbe

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State~RFe58752b.TMP
                                                                                                                                                                                Filesize

                                                                                                                                                                                2KB

                                                                                                                                                                                MD5

                                                                                                                                                                                dac006e3d8138e6b5cebb7cbf8856861

                                                                                                                                                                                SHA1

                                                                                                                                                                                4e9e0cffbfe49ac827856c3dbfd58622b1b2bfb1

                                                                                                                                                                                SHA256

                                                                                                                                                                                18e6f7fe32515f9f545c87600c0aa6aad9a61d3cd64a13a410ef3aad9fc40aa3

                                                                                                                                                                                SHA512

                                                                                                                                                                                0375892443ec31d175843e4130ccc47b42a2c4830556c1c0548289f7e0dd34585c38aeeac3446e25c2bdb2e1dde02eafd211b6d773869d0b1a9dfe8f26c0be19

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                109KB

                                                                                                                                                                                MD5

                                                                                                                                                                                726cd06231883a159ec1ce28dd538699

                                                                                                                                                                                SHA1

                                                                                                                                                                                404897e6a133d255ad5a9c26ac6414d7134285a2

                                                                                                                                                                                SHA256

                                                                                                                                                                                12fef2d5995d671ec0e91bdbdc91e2b0d3c90ed3a8b2b13ddaa8ad64727dcd46

                                                                                                                                                                                SHA512

                                                                                                                                                                                9ea82e7cb6c6a58446bd5033855947c3e2d475d2910f2b941235e0b96aa08eec822d2dd17cc86b2d3fce930f78b799291992408e309a6c63e3011266810ea83e

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.2MB

                                                                                                                                                                                MD5

                                                                                                                                                                                15a42d3e4579da615a384c717ab2109b

                                                                                                                                                                                SHA1

                                                                                                                                                                                22aeedeb2307b1370cdab70d6a6b6d2c13ad2301

                                                                                                                                                                                SHA256

                                                                                                                                                                                3c97bb410e49b11af8116feb7240b7101e1967cae7538418c45c3d2e072e8103

                                                                                                                                                                                SHA512

                                                                                                                                                                                1eb7f126dccc88a2479e3818c36120f5af3caa0d632b9ea803485ee6531d6e2a1fd0805b1c4364983d280df23ea5ca3ad4a5fca558ac436efae36af9b795c444

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                541KB

                                                                                                                                                                                MD5

                                                                                                                                                                                1fc4b9014855e9238a361046cfbf6d66

                                                                                                                                                                                SHA1

                                                                                                                                                                                c17f18c8246026c9979ab595392a14fe65cc5e9f

                                                                                                                                                                                SHA256

                                                                                                                                                                                f38c27ecbeed9721f0885d3b2f2f767d60a5d1c0a5c98433357f570987da3e50

                                                                                                                                                                                SHA512

                                                                                                                                                                                2af234cac24ec4a508693d9affa7f759d4b29bb3c9ddffd9e6350959fd4da26501553399d2b02a8eeae8dace6bfe9b2ce50462ce3c6547497f5b0ea6ed226b12

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                304KB

                                                                                                                                                                                MD5

                                                                                                                                                                                cc90e3326d7b20a33f8037b9aab238e4

                                                                                                                                                                                SHA1

                                                                                                                                                                                236d173a6ac462d85de4e866439634db3b9eeba3

                                                                                                                                                                                SHA256

                                                                                                                                                                                bd73ee49a23901f9fb235f8a5b29adc72cc637ad4b62a9760c306900cb1678b7

                                                                                                                                                                                SHA512

                                                                                                                                                                                b5d197a05a267bf66509b6d976924cd6f5963532a9f9f22d1763701d4fba3dfa971e0058388249409884bc29216fb33a51846562a5650f81d99ce14554861521

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\4F64qZ30BN4hFO61epxC6KZs.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                437KB

                                                                                                                                                                                MD5

                                                                                                                                                                                7960d8afbbac06f216cceeb1531093bb

                                                                                                                                                                                SHA1

                                                                                                                                                                                008221bf66a0749447cffcb86f2d1ec80e23fc76

                                                                                                                                                                                SHA256

                                                                                                                                                                                f6e476e8ccb571b9d7a76234953ad428e883ff4712b0062498ba3275d9749b84

                                                                                                                                                                                SHA512

                                                                                                                                                                                35d12e81eb892aeb2237049beca61a81469dea5b1c9b7a0b9f49fbf95a95c756509d9e76c732fb10b504f9f9692e1fbe83ea2fd09d791f793a928c01974b8147

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\5qnmaPTLQPHEFQCLQarcFDZK.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                378KB

                                                                                                                                                                                MD5

                                                                                                                                                                                fa59460aff82eff9ca906292a8bbccbd

                                                                                                                                                                                SHA1

                                                                                                                                                                                30834e038745b9118b70cdfe2662d2b1eddfcc3a

                                                                                                                                                                                SHA256

                                                                                                                                                                                c2153ebf78a3a93de56e3a1e276ab645f278c6744c7c84472fea0d62ddb47c85

                                                                                                                                                                                SHA512

                                                                                                                                                                                b9b0e781347db0770cf2bdd38753dea6013de381729a9dae3d941c2e55b24a365ddb2a04d456f4d16a0aae7f074ef8ad8d36824535dad9418abc839288c4eaff

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\B7fKSiGZCoN1839einCu52kc.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.1MB

                                                                                                                                                                                MD5

                                                                                                                                                                                35a835055aab9b3db753c947e11e30f7

                                                                                                                                                                                SHA1

                                                                                                                                                                                b2e70d70b65a73a5a11fe2fdeb58d1ba32ff75f8

                                                                                                                                                                                SHA256

                                                                                                                                                                                63f0c3cb9123af68a4e899d80adca62c2781110d98378185d9453c09676bbdc6

                                                                                                                                                                                SHA512

                                                                                                                                                                                4069bf83da32a679aac0ebf34b45b83d5becbff2d0a43ec9887133d03f8ed8f6d8d0328f4e41ecae1f6b23f101da5e21f8532909d18341fdaad52937b3e04789

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\FxcpQC1akvPjOjARjeKKsR7y.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.1MB

                                                                                                                                                                                MD5

                                                                                                                                                                                606324b58337520fcdd57160c5feeb7b

                                                                                                                                                                                SHA1

                                                                                                                                                                                e2e4c7355c82dbdfd65796228f1af3f29fb64fd7

                                                                                                                                                                                SHA256

                                                                                                                                                                                8058c51022a657582edad0e24dd62eed342233822dbdbfc386a83a01d4be73a1

                                                                                                                                                                                SHA512

                                                                                                                                                                                53ff137e22c73f40aae4f6ca4997e6e404c5715901124495698fb55b7f9e991ed3baba90202f2452fb4b3c4714c2de2dc02f1727ac3df8281269ec897f8db61f

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\GxAQqYTjEItYG8gGaDWlobVL.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                7KB

                                                                                                                                                                                MD5

                                                                                                                                                                                5b423612b36cde7f2745455c5dd82577

                                                                                                                                                                                SHA1

                                                                                                                                                                                0187c7c80743b44e9e0c193e993294e3b969cc3d

                                                                                                                                                                                SHA256

                                                                                                                                                                                e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09

                                                                                                                                                                                SHA512

                                                                                                                                                                                c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\KIcZgPDV35OYFxR7Awn9R96V.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                5.1MB

                                                                                                                                                                                MD5

                                                                                                                                                                                aad030443859164dbe403ce162d4f08f

                                                                                                                                                                                SHA1

                                                                                                                                                                                20728da62894904db29ee63d1f779a7c547d5ebb

                                                                                                                                                                                SHA256

                                                                                                                                                                                ea98962f0985ab59be6a085665eb84a1fea06777fc54523a882633339382bb50

                                                                                                                                                                                SHA512

                                                                                                                                                                                390ed975127e65a797080aa0240e89345e05cabfaf7f573729053e264661d214217f834486c86c787f8d1ab02dc5a1526e262d05da732952b69ea6d66883dfcd

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\Mf5IPYdbahT7heX8UL5gteHR.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                3KB

                                                                                                                                                                                MD5

                                                                                                                                                                                186fc169b2c75ed3dec10137b19f7367

                                                                                                                                                                                SHA1

                                                                                                                                                                                25c981b6ca17953d55a3865c8f191dc658cf189a

                                                                                                                                                                                SHA256

                                                                                                                                                                                aa117b6b3f200c479975b2f28fb50d4611d51c3bce8d3f95875d1cc3226b6556

                                                                                                                                                                                SHA512

                                                                                                                                                                                684ef942c8a4df711494f266790434b35ce0afb9cf31dc7d5131ef29fb51c5d4c9cb13442dc613370a329f82be2f868cb157de258e1d64173e6958f3a5efd79a

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • C:\Users\Admin\Pictures\jCgPKlWOb71vUXCgyjux8tOH.exe
                                                                                                                                                                                Filesize

                                                                                                                                                                                3KB

                                                                                                                                                                                MD5

                                                                                                                                                                                e442b1cf2512d9bc52089a9b3c4b4db8

                                                                                                                                                                                SHA1

                                                                                                                                                                                ae4f281ea13804c184db575e4c8f946bf7db13d9

                                                                                                                                                                                SHA256

                                                                                                                                                                                6a949edd536aa09f0c78a755720dd8b4be73770fe81aa6cd166136559c0d451c

                                                                                                                                                                                SHA512

                                                                                                                                                                                b020a0d5092843d0f1d1bd5f055b9679fc2d523ad73d046a9574e6daf50541588186f4163b1314b57a0d1af2e2771243fddcd749fef5bd22654180d9387be1eb

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • \??\pipe\LOCAL\crashpad_4456_HTADSNCIPZOICQCB
                                                                                                                                                                                MD5

                                                                                                                                                                                d41d8cd98f00b204e9800998ecf8427e

                                                                                                                                                                                SHA1

                                                                                                                                                                                da39a3ee5e6b4b0d3255bfef95601890afd80709

                                                                                                                                                                                SHA256

                                                                                                                                                                                e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

                                                                                                                                                                                SHA512

                                                                                                                                                                                cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

                                                                                                                                                                                Download Submit
                                                                                                                                                                              • memory/464-569-0x0000000000D90000-0x0000000001250000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/1860-445-0x0000000000400000-0x0000000000592000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                1.6MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/2304-1055-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/2304-1236-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/2924-717-0x0000000000400000-0x0000000000450000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                320KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/2932-1053-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/2932-1252-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3036-988-0x0000000061E00000-0x0000000061EF3000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                972KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3036-1056-0x0000000000400000-0x000000000063B000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.2MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-1251-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-390-0x0000000005050000-0x0000000005051000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-832-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-391-0x0000000005090000-0x0000000005091000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-397-0x00000000050C0000-0x00000000050C1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-567-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-392-0x0000000005030000-0x0000000005031000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-393-0x0000000005040000-0x0000000005041000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-1046-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-394-0x0000000005070000-0x0000000005071000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-389-0x0000000005060000-0x0000000005061000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-388-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-396-0x00000000050B0000-0x00000000050B1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3404-364-0x0000000000560000-0x0000000000A22000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-534-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-52-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-726-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-1141-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-54-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-322-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-346-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/3528-980-0x0000000000720000-0x0000000000AD5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-343-0x0000023E325C0000-0x0000023E325D0000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-347-0x0000023E325C0000-0x0000023E325D0000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-348-0x0000023E328C0000-0x0000023E328D2000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                72KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-342-0x0000023E325C0000-0x0000023E325D0000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                64KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-323-0x0000023E32560000-0x0000023E32582000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                136KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-355-0x00007FFDF6C20000-0x00007FFDF76E1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-349-0x0000023E32590000-0x0000023E3259A000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                40KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4020-335-0x00007FFDF6C20000-0x00007FFDF76E1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                10.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-3-0x0000000005080000-0x0000000005081000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-22-0x0000000000990000-0x0000000000E50000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-10-0x00000000050D0000-0x00000000050D1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-11-0x00000000050C0000-0x00000000050C1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-9-0x00000000050A0000-0x00000000050A1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-8-0x0000000005060000-0x0000000005061000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-7-0x0000000005050000-0x0000000005051000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-6-0x00000000050B0000-0x00000000050B1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-5-0x0000000005070000-0x0000000005071000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-4-0x0000000005090000-0x0000000005091000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-2-0x0000000000990000-0x0000000000E50000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-0-0x0000000000990000-0x0000000000E50000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4200-1-0x0000000077194000-0x0000000077196000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                8KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-371-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-385-0x0000000004A20000-0x0000000004A21000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-361-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-395-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-373-0x0000000004A60000-0x0000000004A61000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-372-0x0000000004A50000-0x0000000004A51000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-374-0x0000000004A40000-0x0000000004A41000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-375-0x0000000004A90000-0x0000000004A91000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-387-0x0000000004A80000-0x0000000004A81000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4300-386-0x0000000004A30000-0x0000000004A31000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4648-891-0x0000000000260000-0x0000000000615000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4648-1050-0x0000000000260000-0x0000000000615000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4648-419-0x0000000000260000-0x0000000000615000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4648-600-0x0000000000260000-0x0000000000615000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                3.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-1250-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-30-0x0000000005480000-0x0000000005481000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-33-0x00000000054F0000-0x00000000054F1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-32-0x0000000005500000-0x0000000005501000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-823-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-370-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-23-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-1042-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-25-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-26-0x00000000054B0000-0x00000000054B1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-27-0x00000000054C0000-0x00000000054C1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-28-0x00000000054A0000-0x00000000054A1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-29-0x00000000054E0000-0x00000000054E1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-568-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-266-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-31-0x0000000005490000-0x0000000005491000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4864-173-0x00000000000C0000-0x0000000000580000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4868-1054-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/4868-1253-0x0000000000400000-0x0000000000D1C000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                9.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5364-751-0x0000000000400000-0x0000000000408000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                32KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-302-0x0000000004D50000-0x0000000004D51000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-309-0x00000000006E0000-0x0000000000BA2000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-269-0x00000000006E0000-0x0000000000BA2000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-272-0x0000000004CF0000-0x0000000004CF1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-273-0x0000000004D00000-0x0000000004D01000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-274-0x0000000004CE0000-0x0000000004CE1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-275-0x0000000004D20000-0x0000000004D21000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-276-0x0000000004CC0000-0x0000000004CC1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-277-0x0000000004CD0000-0x0000000004CD1000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-303-0x0000000004D40000-0x0000000004D41000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/5924-253-0x00000000006E0000-0x0000000000BA2000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.8MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6472-914-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                436KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6472-926-0x0000000000400000-0x000000000046D000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                436KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6472-972-0x0000000003940000-0x0000000003D40000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.0MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6472-977-0x00007FFE17C70000-0x00007FFE17E65000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.0MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6472-981-0x0000000076EB0000-0x00000000770C5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.1MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/6548-1067-0x0000000000400000-0x00000000008AD000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.7MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/7148-987-0x00007FFE17C70000-0x00007FFE17E65000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.0MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/7148-983-0x0000000000880000-0x0000000000889000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                36KB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/7148-986-0x00000000023B0000-0x00000000027B0000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                4.0MB

                                                                                                                                                                                Download
                                                                                                                                                                              • memory/7148-991-0x0000000076EB0000-0x00000000770C5000-memory.dmp
                                                                                                                                                                                Filesize

                                                                                                                                                                                2.1MB

                                                                                                                                                                                Download