amadey | 42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1

Analysis

max time kernel
73s
max time network
308s
platform
windows10-1703_x64
resource
win10-20240221-en
resource tags

arch:x64arch:x86image:win10-20240221-enlocale:en-usos:windows10-1703-x64system
submitted
01-04-2024 04:54

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
Size

1.8MB
MD5

b038bb5a98656ac3b783cefb5ba02b5b
SHA1

60248cb04f665d3cc367798572bbc3dc5cfd3ec9
SHA256

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1
SHA512

c08edd88bd76fcc497fbdacb98505f418f78ed9b524690d30fdc5b6e1e6f5bb35f90ed8171414fff4d6077d3207ca159a9b4b64a549e5d16e974f7a8b4016797
SSDEEP

49152:VybW0RKC9onvSwbRyz0hKgStzQf/oHc5P1HmNo:EbWGP9oL1yzEKaTpm

Score

10^/10

amadey redline risepro zgrat @oleh_psp jok123 livetraffic evasion infostealer persistence rat spyware stealer trojan

Malware Config

Extracted

Family

amadey

Version

4.17

http://185.215.113.32

Attributes

install_dir
00c07260dc
install_file
explorgu.exe
strings_key
461809bd97c251ba0c0c8450c7055f1d
url_paths
/yandex/index.php

rc4.plain

Extracted

Family

redline

Botnet

@OLEH_PSP

185.172.128.33:8970

Extracted

Family

redline

Botnet

Jok123

185.215.113.67:26260

Extracted

Family

amadey

Version

4.18

http://193.233.132.56

Attributes

install_dir
09fd851a4f
install_file
explorha.exe
strings_key
443351145ece4966ded809641c77cfa8
url_paths
/Pneh2sXQk0/index.php

rc4.plain

Extracted

Family

redline

Botnet

LiveTraffic

4.185.137.132:1632

Signatures

Amadey
Amadey bot is a simple trojan bot primarily used for collecting reconnaissance information.
trojan amadey

Detect ZGRat V1 4 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe	family_zgrat_v1
behavioral2/memory/2628-58-0x0000000000120000-0x00000000002DC000-memory.dmp	family_zgrat_v1
C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe	family_zgrat_v1
C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe	family_zgrat_v1

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 8 IoCs

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe	family_redline
C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe	family_redline
behavioral2/memory/2868-80-0x0000000000530000-0x0000000000582000-memory.dmp	family_redline
behavioral2/memory/4304-104-0x0000000000B00000-0x0000000000B8C000-memory.dmp	family_redline
C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe	family_redline
behavioral2/memory/2660-156-0x0000000000A60000-0x0000000000AB0000-memory.dmp	family_redline
C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe	family_redline
behavioral2/memory/4856-259-0x0000000000400000-0x0000000000450000-memory.dmp	family_redline

RisePro
RisePro stealer is an infostealer distributed by PrivateLoader.
stealer risepro
ZGRat
ZGRat is remote access trojan written in C#.
rat zgrat

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 4 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeexplorgu.exerandom.exeamadka.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	explorgu.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	random.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	amadka.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 8 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

amadka.exe42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeexplorgu.exerandom.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	amadka.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	amadka.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	explorgu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	explorgu.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	random.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	random.exe

Executes dropped EXE 7 IoCs

Processes:

explorgu.exerandom.exealex1234.exeTraffic.exepropro.exeamadka.exeredlinepanel.exe

pid process

3824 explorgu.exe
664 random.exe
2628 alex1234.exe
4304 Traffic.exe
2868 propro.exe
3720 amadka.exe
2660 redlinepanel.exe

pid	process
3824	explorgu.exe
664	random.exe
2628	alex1234.exe
4304	Traffic.exe
2868	propro.exe
3720	amadka.exe
2660	redlinepanel.exe

Identifies Wine through registry keys 2 TTPs 4 IoCs

Wine is a compatibility layer capable of running Windows applications, which can be used as sandboxing environment.

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeexplorgu.exerandom.exeamadka.exe

description	ioc	process
Key opened	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Wine	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
Key opened	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Wine	explorgu.exe
Key opened	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Wine	random.exe
Key opened	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Wine	amadka.exe

Loads dropped DLL 2 IoCs

Processes:

rundll32.exerundll32.exe

pid process

4936 rundll32.exe
4524 rundll32.exe
Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

pid	process
4936	rundll32.exe
4524	rundll32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

explorgu.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-2772066395-907917261-1982757236-1000\Software\Microsoft\Windows\CurrentVersion\Run\amadka.exe = "C:\\Users\\Admin\\AppData\\Local\\Temp\\1001031001\\amadka.exe"	explorgu.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

44 pastebin.com
45 pastebin.com
Looks up external IP address via web service 4 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

108 api.myip.com
109 api.myip.com
120 ipinfo.io
121 ipinfo.io

flow	ioc
44	pastebin.com
45	pastebin.com

flow	ioc
108	api.myip.com
109	api.myip.com
120	ipinfo.io
121	ipinfo.io

AutoIT Executable 1 IoCs

AutoIT scripts compiled to PE executables.

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe	autoit_exe

Suspicious use of NtSetInformationThreadHideFromDebugger 3 IoCs

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeexplorgu.exeamadka.exe

pid process

4584 42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
3824 explorgu.exe
3720 amadka.exe
Suspicious use of SetThreadContext 1 IoCs

Processes:

alex1234.exe

description pid process target process

PID 2628 set thread context of 4312 2628 alex1234.exe RegAsm.exe

description	pid	process	target process
PID 2628 set thread context of 4312	2628	alex1234.exe	RegAsm.exe

Drops file in Windows directory 2 IoCs

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeamadka.exe

description	ioc	process
File created	C:\Windows\Tasks\explorgu.job	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
File created	C:\Windows\Tasks\explorha.job	amadka.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082
Program crash 2 IoCs

Processes:

WerFault.exeWerFault.exe

pid pid_target process target process

4396 2260 WerFault.exe swiiiii.exe
5560 376 WerFault.exe koooooo.exe
Creates scheduled task(s) 1 TTPs 1 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
persistence

Scheduled Task/Job
T1053

Processes:

schtasks.exe

pid process

4804 schtasks.exe

pid	pid_target	process	target process
4396	2260	WerFault.exe	swiiiii.exe
5560	376	WerFault.exe	koooooo.exe

pid	process
4804	schtasks.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

propro.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064	propro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\F1A578C4CB5DE79A370893983FD4DA8B67B2B064\Blob = 0b000000010000004800000054006900740061006e00690075006d00200052006f006f007400200043006500720074006900660069006300610074006500200041007500740068006f00720069007400790000000200000001000000cc0000001c0000006c00000001000000000000000000000000000000010000007b00340031003700340034004200450034002d0031003100430035002d0034003900340043002d0041003200310033002d004200410030004300450039003400340039003300380045007d00000000004d006900630072006f0073006f0066007400200045006e00680061006e006300650064002000430072007900700074006f0067007200610070006800690063002000500072006f00760069006400650072002000760031002e00300000000000030000000100000014000000f1a578c4cb5de79a370893983fd4da8b67b2b06420000000010000000a03000030820306308201eea003020102020867f7beb96a4c2798300d06092a864886f70d01010b0500302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f72697479301e170d3233303331343130333532305a170d3236303631373130333532305a302e312c302a06035504030c23546974616e69756d20526f6f7420436572746966696361746520417574686f7269747930820122300d06092a864886f70d01010105000382010f003082010a028201010086e4577a5861ce819177d005fa51d5515a936c610ccfcbde5332cd151da647ee881a245c9b02833b02af3d76fe20bd3bfaf7a20973e72ebd9440d09d8c3d2713bdf0d09feb9532acd7a42da2a952daa86a2a88ee427d30959d90bfba05276aa02998a6986fc01306629b79b8405d1f1fa6d9a42f827afc7566340dc2de27012b94bb4a27b3cb1c219a3cb2c14203f34451bd626520edd4dbcc414f593f2acbc48479f7143cbe139cfd129c913e5303dc20f94c44358901b69a848d7ea02e308a311560ac00ae009a29109aeed9713dd8919b97ed598058e17f0726c7a020f710abc06291dfaaf181c6be6a76c89cb68eb0b0ec1cd95f326c7e55588bfd76c5190203010001a328302630130603551d25040c300a06082b06010505070301300f0603551d130101ff040530030101ff300d06092a864886f70d01010b0500038201010070851293d757e982797dc5f7f27da894ef0cdb329f06a6096e0cf604b0e54711560ef40f5282082e210f55a3db41f312548b7611f5f0dacea3c78b13f6fc243c02b106665be69e184088415b273999b877bee353a248cec7eeb5a095c2174bc9526cafe3372c59dbfbe758134ed351e5147273fec68577ae4552a6f99ac80ca8d0ee422af528858c6be81cb0a8031ab0ae83c0eb5564f4e87a5c06295d3903eee2fdf92d62a7f4d4054deaa79bcaebda4e8b1a6efd42aef9d01c7075728cb13aa8557c85a72532b5e2d6c3e55041c9867ca8f562bbd2ab0c3710d83173ec3781d1dcaac5c6e07ee726624dfdc5814cffd336e17932f89beb9cf7fdbee9bebf61	propro.exe

Runs ping.exe 1 TTPs 1 IoCs

Remote System Discovery
T1018

Processes:

PING.EXE

pid process

7556 PING.EXE

pid	process
7556	PING.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exeexplorgu.exeamadka.exerundll32.exe

pid	process
4584	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
4584	42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
3824	explorgu.exe
3824	explorgu.exe
3720	amadka.exe
3720	amadka.exe
4524	rundll32.exe
4524	rundll32.exe
4524	rundll32.exe
4524	rundll32.exe
4524	rundll32.exe
4524	rundll32.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

Traffic.exe

description pid process

Token: SeDebugPrivilege 4304 Traffic.exe
Suspicious use of FindShellTrayWindow 1 IoCs

Processes:

42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe

pid process

4584 42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe

description	pid	process
Token: SeDebugPrivilege	4304	Traffic.exe

Suspicious use of WriteProcessMemory 35 IoCs

Processes:

explorgu.exealex1234.exeRegAsm.exerundll32.exerundll32.exe

description	pid	process	target process
PID 3824 wrote to memory of 664	3824	explorgu.exe	random.exe
PID 3824 wrote to memory of 664	3824	explorgu.exe	random.exe
PID 3824 wrote to memory of 664	3824	explorgu.exe	random.exe
PID 3824 wrote to memory of 2628	3824	explorgu.exe	alex1234.exe
PID 3824 wrote to memory of 2628	3824	explorgu.exe	alex1234.exe
PID 3824 wrote to memory of 2628	3824	explorgu.exe	alex1234.exe
PID 2628 wrote to memory of 3832	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 3832	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 3832	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 2628 wrote to memory of 4312	2628	alex1234.exe	RegAsm.exe
PID 4312 wrote to memory of 2868	4312	RegAsm.exe	propro.exe
PID 4312 wrote to memory of 2868	4312	RegAsm.exe	propro.exe
PID 4312 wrote to memory of 2868	4312	RegAsm.exe	propro.exe
PID 4312 wrote to memory of 4304	4312	RegAsm.exe	Traffic.exe
PID 4312 wrote to memory of 4304	4312	RegAsm.exe	Traffic.exe
PID 3824 wrote to memory of 3720	3824	explorgu.exe	amadka.exe
PID 3824 wrote to memory of 3720	3824	explorgu.exe	amadka.exe
PID 3824 wrote to memory of 3720	3824	explorgu.exe	amadka.exe
PID 3824 wrote to memory of 2660	3824	explorgu.exe	redlinepanel.exe
PID 3824 wrote to memory of 2660	3824	explorgu.exe	redlinepanel.exe
PID 3824 wrote to memory of 2660	3824	explorgu.exe	redlinepanel.exe
PID 3824 wrote to memory of 4936	3824	explorgu.exe	rundll32.exe
PID 3824 wrote to memory of 4936	3824	explorgu.exe	rundll32.exe
PID 3824 wrote to memory of 4936	3824	explorgu.exe	rundll32.exe
PID 4936 wrote to memory of 4524	4936	rundll32.exe	WerFault.exe
PID 4936 wrote to memory of 4524	4936	rundll32.exe	WerFault.exe
PID 4524 wrote to memory of 2444	4524	rundll32.exe	netsh.exe
PID 4524 wrote to memory of 2444	4524	rundll32.exe	netsh.exe

C:\Users\Admin\AppData\Local\Temp\42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe
"C:\Users\Admin\AppData\Local\Temp\42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Identifies Wine through registry keys
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
PID:4584

C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Executes dropped EXE
- Identifies Wine through registry keys
- Adds Run key to start application
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:3824
- C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe
  "C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Identifies Wine through registry keys
  PID:664
- C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe
  "C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetThreadContext
  - Suspicious use of WriteProcessMemory
  PID:2628
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:3832
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:4312
  - - C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe
      "C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe"
      4⤵
      Executes dropped EXE
      Modifies system certificate store
      PID:2868
  - - C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe
      "C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe"
      4⤵
      Executes dropped EXE
      Suspicious use of AdjustPrivilegeToken
      PID:4304
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /C choice /C Y /N /D Y /T 3 & Del "RegAsm.exe"
      4⤵
      PID:2856
    - - C:\Windows\SysWOW64\choice.exe
        
        choice /C Y /N /D Y /T 3
        5⤵
        
        PID:736
- C:\Users\Admin\AppData\Local\Temp\1001031001\amadka.exe
  "C:\Users\Admin\AppData\Local\Temp\1001031001\amadka.exe"
  2⤵
  - Identifies VirtualBox via ACPI registry values (likely anti-VM)
  - Checks BIOS information in registry
  - Executes dropped EXE
  - Identifies Wine through registry keys
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- - C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
    "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
    3⤵
    PID:1372
  - - C:\Users\Admin\AppData\Local\Temp\1000042001\79a0fbe083.exe
      "C:\Users\Admin\AppData\Local\Temp\1000042001\79a0fbe083.exe"
      4⤵
      PID:972
  - - C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
      "C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe"
      4⤵
      PID:212
  - - C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe
      "C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe"
      4⤵
      PID:5264
  - - C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe
      "C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe"
      4⤵
      PID:5724
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
      4⤵
      PID:6104
    - - C:\Windows\system32\rundll32.exe
        
        "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll, Main
        5⤵
        
        PID:428
      - C:\Windows\system32\netsh.exe
        
        netsh wlan show profiles
        6⤵
        
        PID:5224
      - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\772066395907_Desktop.zip' -CompressionLevel Optimal
        6⤵
        
        PID:5204
  - - C:\Windows\SysWOW64\rundll32.exe
      "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll, Main
      4⤵
      PID:5740
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:4936
- - C:\Windows\system32\rundll32.exe
    "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll, Main
    3⤵
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of WriteProcessMemory
    PID:4524
  - - C:\Windows\system32\netsh.exe
      netsh wlan show profiles
      4⤵
      PID:2444
  - - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
      powershell -Command Compress-Archive -Path 'C:\Users\Admin\AppData\Local\Temp\_Files_\' -DestinationPath 'C:\Users\Admin\AppData\Local\Temp\772066395907_Desktop.zip' -CompressionLevel Optimal
      4⤵
      PID:60
- C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe
  "C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe"
  2⤵
  - Executes dropped EXE
  PID:2660
- C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe
  "C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe"
  2⤵
  PID:208
- C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe
  "C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe"
  2⤵
  PID:4896
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:4856
- C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
  "C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe"
  2⤵
  PID:3644
- - C:\Windows\SysWOW64\schtasks.exe
    "C:\Windows\System32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN NewB.exe /TR "C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe" /F
    3⤵
    - Creates scheduled task(s)
    PID:4804
- - C:\Users\Admin\AppData\Local\Temp\1000183001\Uni400uni.exe
    "C:\Users\Admin\AppData\Local\Temp\1000183001\Uni400uni.exe"
    3⤵
    PID:360
  - - C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe
      "C:\Windows\Microsoft.NET\Framework\v4.0.30319\installutil.exe"
      4⤵
      PID:6020
    - - C:\Users\Admin\Pictures\8aNz7eqiC6SJytM0jBVEHY7R.exe
        
        "C:\Users\Admin\Pictures\8aNz7eqiC6SJytM0jBVEHY7R.exe"
        5⤵
        
        PID:5856
      - C:\Users\Admin\AppData\Local\Temp\u4io.0.exe
        
        "C:\Users\Admin\AppData\Local\Temp\u4io.0.exe"
        6⤵
        
        PID:6180
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\system32\cmd.exe" /c start "" "C:\Users\Admin\AppData\Local\Temp\IJDGCAEBFI.exe"
        7⤵
        
        PID:5204
        
        C:\Users\Admin\AppData\Local\Temp\IJDGCAEBFI.exe
        
        "C:\Users\Admin\AppData\Local\Temp\IJDGCAEBFI.exe"
        8⤵
        
        PID:7860
        
        C:\Windows\SysWOW64\cmd.exe
        
        "C:\Windows\System32\cmd.exe" /C ping 2.2.2.2 -n 1 -w 3000 > Nul & Del C:\Users\Admin\AppData\Local\Temp\IJDGCAEBFI.exe
        9⤵
        
        PID:3044
        
        C:\Windows\SysWOW64\PING.EXE
        
        ping 2.2.2.2 -n 1 -w 3000
        10⤵
        Runs ping.exe
        
        PID:7556
      - C:\Users\Admin\AppData\Local\Temp\u4io.1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\u4io.1.exe"
        6⤵
        
        PID:6788
        
        C:\Users\Admin\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe
        
        "C:\Users\Admin\AppData\Local\Temp\iolo\dm\SystemMechanic_5488CB36-BE62-4606-B07B-2EE938868BD1.exe" /eieci=11A12794-499E-4FA0-A281-A9A9AA8B2685 /eipi=5488CB36-BE62-4606-B07B-2EE938868BD1
        7⤵
        
        PID:6096
    - - C:\Users\Admin\Pictures\ZD9TktAByddddRrDO1cp0hZ0.exe
        
        "C:\Users\Admin\Pictures\ZD9TktAByddddRrDO1cp0hZ0.exe"
        5⤵
        
        PID:5456
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:924
      - C:\Users\Admin\Pictures\ZD9TktAByddddRrDO1cp0hZ0.exe
        
        "C:\Users\Admin\Pictures\ZD9TktAByddddRrDO1cp0hZ0.exe"
        6⤵
        
        PID:8052
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        7⤵
        
        PID:208
    - - C:\Users\Admin\Pictures\5UepcnWmJtBxE3kFtlODWz3C.exe
        
        "C:\Users\Admin\Pictures\5UepcnWmJtBxE3kFtlODWz3C.exe"
        5⤵
        
        PID:5468
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:6980
      - C:\Users\Admin\Pictures\5UepcnWmJtBxE3kFtlODWz3C.exe
        
        "C:\Users\Admin\Pictures\5UepcnWmJtBxE3kFtlODWz3C.exe"
        6⤵
        
        PID:7068
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        7⤵
        
        PID:5352
    - - C:\Users\Admin\Pictures\grFrwvq838FBiqeMTeHJIzdm.exe
        
        "C:\Users\Admin\Pictures\grFrwvq838FBiqeMTeHJIzdm.exe"
        5⤵
        
        PID:5868
      - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        6⤵
        
        PID:7660
      - C:\Users\Admin\Pictures\grFrwvq838FBiqeMTeHJIzdm.exe
        
        "C:\Users\Admin\Pictures\grFrwvq838FBiqeMTeHJIzdm.exe"
        6⤵
        
        PID:5204
        
        C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -nologo -noprofile
        7⤵
        
        PID:6844
    - - C:\Users\Admin\Pictures\CC82Z9DP0K4zwuVlGfiPSD02.exe
        
        "C:\Users\Admin\Pictures\CC82Z9DP0K4zwuVlGfiPSD02.exe"
        5⤵
        
        PID:6384
    - - C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe
        
        "C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe" --silent --allusers=0
        5⤵
        
        PID:6568
      - C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe
        
        C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x2a8,0x2ac,0x2b0,0x284,0x2b4,0x6ae0e1d0,0x6ae0e1dc,0x6ae0e1e8
        6⤵
        
        PID:6640
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xmmesChgcL1vFDr7UYQZrd4p.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\xmmesChgcL1vFDr7UYQZrd4p.exe" --version
        6⤵
        
        PID:6760
      - C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe
        
        "C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=6568 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20240401045651" --session-guid=b14cc426-4b6e-4443-9343-142a3c7a1a16 --server-tracking-blob=MzU0ZWVhNTQ2MWY2YTM1OWQ3YmYyNWYyMjU0MDc4YmE4MjZhZGU4MjRlMzhmZGQ4Njc4NWVlYzZlMTdjM2JmYjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N18xMjMiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE5NDczOTkuOTkzMyIsInV0bSI6eyJjYW1wYWlnbiI6Ijc2N18xMjMiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJta3QifSwidXVpZCI6IjY4ZTU3YzE0LTliM2MtNDI4ZS05YTMwLWJjZGM5NTI5MWMyYyJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=4C04000000000000
        6⤵
        
        PID:6888
        
        C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe
        
        C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x2a0,0x2a4,0x2b4,0x27c,0x2b8,0x6a03e1d0,0x6a03e1dc,0x6a03e1e8
        7⤵
        
        PID:6940
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe" --backend --initial-pid=6568 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --show-intro-overlay --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511" --session-guid=b14cc426-4b6e-4443-9343-142a3c7a1a16 --server-tracking-blob=MzU0ZWVhNTQ2MWY2YTM1OWQ3YmYyNWYyMjU0MDc4YmE4MjZhZGU4MjRlMzhmZGQ4Njc4NWVlYzZlMTdjM2JmYjp7ImNvdW50cnkiOiJHQiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cy8/dXRtX21lZGl1bT1hcGImdXRtX3NvdXJjZT1ta3QmdXRtX2NhbXBhaWduPTc2N18xMjMiLCJzeXN0ZW0iOnsicGxhdGZvcm0iOnsiYXJjaCI6Ing4Nl82NCIsIm9wc3lzIjoiV2luZG93cyIsIm9wc3lzLXZlcnNpb24iOiIxMCIsInBhY2thZ2UiOiJFWEUifX0sInRpbWVzdGFtcCI6IjE3MTE5NDczOTkuOTkzMyIsInV0bSI6eyJjYW1wYWlnbiI6Ijc2N18xMjMiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJta3QifSwidXVpZCI6IjY4ZTU3YzE0LTliM2MtNDI4ZS05YTMwLWJjZGM5NTI5MWMyYyJ9 --silent --desktopshortcut=1 --install-subfolder=109.0.5097.35
        7⤵
        
        PID:7788
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7ff9df6b7c80,0x7ff9df6b7c8c,0x7ff9df6b7c98
        8⤵
        
        PID:7552
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer_helper_64.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer_helper_64.exe" 1 "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\Opera Browser.lnk"
        8⤵
        
        PID:2080
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --copyonly=0 --allusers=0
        8⤵
        
        PID:2924
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x15a0040,0x15a004c,0x15a0058
        9⤵
        
        PID:6600
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --ran-launcher --install-extension="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\be76331b95dfc399cd776d2fc68021e0db03cc4f.crx"
        8⤵
        
        PID:6660
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x288,0x28c,0x290,0x284,0x294,0x7ff9d10c3150,0x7ff9d10c3160,0x7ff9d10c3170
        9⤵
        
        PID:6324
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1860,i,17218391039692449000,12316636653128749525,262144 --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:2
        9⤵
        
        PID:4860
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=1748,i,17218391039692449000,12316636653128749525,262144 --variations-seed-version --mojo-platform-channel-handle=1892 /prefetch:3
        9⤵
        
        PID:6488
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2172,i,17218391039692449000,12316636653128749525,262144 --variations-seed-version --mojo-platform-channel-handle=2308 /prefetch:8
        9⤵
        
        PID:5552
        
        C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --show-intro-overlay --start-maximized
        8⤵
        
        PID:5624
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
        
        C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x290,0x294,0x298,0x28c,0x29c,0x7ff9d10c3150,0x7ff9d10c3160,0x7ff9d10c3170
        9⤵
        
        PID:7024
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\Assistant_108.0.5067.20_Setup.exe_sfx.exe"
        6⤵
        
        PID:6932
      - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe" --version
        6⤵
        
        PID:7848
        
        C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x15a0040,0x15a004c,0x15a0058
        7⤵
        
        PID:8044
- C:\Users\Admin\AppData\Local\Temp\1001073001\swiiiii.exe
  "C:\Users\Admin\AppData\Local\Temp\1001073001\swiiiii.exe"
  2⤵
  PID:2260
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:3296
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2260 -s 788
    3⤵
    - Program crash
    PID:4396
- C:\Windows\SysWOW64\rundll32.exe
  "C:\Windows\System32\rundll32.exe" C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll, Main
  2⤵
  PID:2928
- C:\Users\Admin\AppData\Local\Temp\1001078001\koooooo.exe
  "C:\Users\Admin\AppData\Local\Temp\1001078001\koooooo.exe"
  2⤵
  PID:376
- - C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
    "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
    3⤵
    PID:5528
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 376 -s 784
    3⤵
    - Program crash
    PID:5560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5524

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5320

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6808

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6604

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
1⤵
PID:7604

C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
1⤵
PID:7692

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s fhsvc
1⤵
PID:7924

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -s WPDBusEnum
1⤵
PID:7908

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6204

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:3028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3428

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4588

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
1⤵
PID:5600

C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
1⤵
PID:1992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4900

C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe" --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera\assistant" --run-assistant --allusers=0
1⤵
PID:5636
- C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=108.0.5067.20 --initial-client-data=0x24c,0x250,0x254,0x228,0xac,0x14c0040,0x14c004c,0x14c0058
  2⤵
  PID:3648
- C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe"
  2⤵
  PID:1360
- - C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --stream
    3⤵
    PID:7524
  - - C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
      C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x294,0x298,0x29c,0x290,0x2a0,0x7ff9d10c3150,0x7ff9d10c3160,0x7ff9d10c3170
      4⤵
      PID:2336

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6336
- C:\Windows\system32\WerFault.exe
  C:\Windows\system32\WerFault.exe -u -p 6336 -s 3368
  2⤵
  PID:4524

C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --show-intro-overlay --start-maximized --lowered-browser
1⤵
PID:7504
- C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe
  C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_crashreporter.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.35 --initial-client-data=0x288,0x28c,0x290,0x284,0x298,0x7ff9d10c3150,0x7ff9d10c3160,0x7ff9d10c3170
  2⤵
  PID:5088
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=gpu-process --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=1856 /prefetch:2
  2⤵
  PID:1560
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=1760,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=1996 /prefetch:3
  2⤵
  PID:5908
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2136,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=2172 /prefetch:8
  2⤵
  PID:5768
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2504,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:7012
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2724,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:1332
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2736,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3192 /prefetch:8
  2⤵
  PID:7312
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2744,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3432 /prefetch:8
  2⤵
  PID:7152
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=2752,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  PID:6736
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3032,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3636 /prefetch:1
  2⤵
  PID:6996
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3048,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:6560
- C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_gx_splash.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\opera_gx_splash.exe" --instance-name=dbff851fa759ccb33e726f883720ae50
  2⤵
  PID:7156
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4008,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:5156
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3524,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3332 /prefetch:2
  2⤵
  PID:7752
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4036,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=4228 /prefetch:1
  2⤵
  PID:6436
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3724,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  PID:236
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3500,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:616
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=renderer --extension-process --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2364,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3748 /prefetch:2
  2⤵
  PID:5232
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=1304,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:8
  2⤵
  PID:7396
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=4960,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:4344
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=4968,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  PID:3832
- C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --no-appcompat-clear --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-cities=on --with-feature:address-bar-keywords-monetization=on --with-feature:amazon-new-ids=on --with-feature:amp-requests-stats=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-maker-studio-integration=on --with-feature:gaming-api=on --with-feature:lucid-mode-hide-text=on --with-feature:native-crypto-wallet=on --with-feature:opera-startpage-special=on --with-feature:password-generator=off --with-feature:premium-valve-in=on --with-feature:proxy-switcher-ui-default-visible=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:shopping-corner=on --with-feature:sitecheck-age=on --with-feature:specific-keywords=on --with-feature:startpage-sync-banner-ref=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GROW-2836-test-3:GROW-2836 --field-trial-handle=5112,i,15327770749169478427,15733042585469757900,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:3
  2⤵
  PID:7812
- C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\109.0.5097.35\installer.exe" --fix-taskbar-pins
  2⤵
  PID:3092
- C:\Users\Admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe" --bypasslauncher --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default" --pipeid=oauc_pipe2906202b27b41e4bd66c9238c4b575c1
  2⤵
  PID:7656

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5024

C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe
1⤵
PID:7876

C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
C:\Users\Admin\AppData\Local\Temp\09fd851a4f\explorha.exe
1⤵
PID:7296

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4892

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x31c
1⤵
PID:6312

C:\Users\Admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
C:\Users\Admin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher --requesttype=automatic --scheduledtask --bypasslauncher --pipeid=oauc_task_pipedcbb8f53eff625f232ff45d764476217
1⤵
PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Scheduled Task/Job

T1053

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Virtualization/Sandbox Evasion

T1497

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Are.docx

Filesize
11KB

MD5
a33e5b189842c5867f46566bdbf7a095

SHA1
e1c06359f6a76da90d19e8fd95e79c832edb3196

SHA256
5abf8e3d1f78de7b09d7f6fb87f9e80e60caacf13ef3c1289665653dacd7c454

SHA512
f2ad3812ec9b915e9618539b0f103f2e9acaad25fbbacd84941c954ce070af231324e83a4621e951c1dbae8d40d50410954e40dd52bbd46e34c54b0d1957407b

Download Submit
C:\ProgramData\mozglue.dll

Filesize
593KB

MD5
c8fd9be83bc728cc04beffafc2907fe9

SHA1
95ab9f701e0024cedfbd312bcfe4e726744c4f2e

SHA256
ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

SHA512
fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\U6RWB5N3\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\2O9LLFT8\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ETBRSDSC\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\ETOS0JC3\4Kv5U5b1o3f[1].png

Filesize
610B

MD5
a81a5e7f71ae4153e6f888f1c92e5e11

SHA1
39c3945c30abff65b372a7d8c691178ae9d9eee0

SHA256
2bc7a47889c56ad49f1b8b97385d5a4d212e79bb8a9b30df0665a165f58b273e

SHA512
1df32349b33f6a6fcb1f8b6093abd737fa0638cdd6e3fd90a7e1852bd0e40bc2633cb4e13c4824fb948d1e012e5cb9eed0b038b121404865495d4e57e123db69

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera\assistant\assistant_installer.exe

Filesize
1.9MB

MD5
b3f05009b53af6435e86cfd939717e82

SHA1
770877e7c5f03e8d684984fe430bdfcc2cf41b26

SHA256
3ea8d40fcede1fc03e5603246d75d13e8d44d7229d4c390c39a55534053027f7

SHA512
d2dee80aaa79b19f1eb1db85079a05f621780e06bfea9e838b62d757ba29399f9090ec7c6ff553377c9b712f3ba8dd812cdff39f3e28829928e86746a8ac6b27

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\Opera Browser.lnk

Filesize
1KB

MD5
93cdaa36bc747f3e703dece7a6b4c121

SHA1
fef1ab34a805cfd0abb710473cf0dbb8e37e7ba4

SHA256
4112ca9fe884b0b32238513b6183bb94d0253fc984dded754c744ee18f32ec8e

SHA512
364b673c2c51b5ac0302cd9e91a7af97cbb52aed5e53d110d0693edba04ccf105a735e84c311ab34b4ce61ef676ad6cc2d70572ae769cf42b229cb9ea2e80196

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\additional_file0.tmp

Filesize
2.5MB

MD5
20d293b9bf23403179ca48086ba88867

SHA1
dedf311108f607a387d486d812514a2defbd1b9e

SHA256
fd996b95ae46014edfd630bfc2bf8bc9e626adf883a1da017a8c3973b68ec348

SHA512
5d575c6f0d914583f9bb54f7b884caf9182f26f850da9bdd962f4ed5ed7258316a46fafaf3828dccb6916baaadb681fe1d175a3f4ed59f56066dc7e32b66f7b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\installer_prefs_include.json

Filesize
230B

MD5
27f9241970b6e8ef139530e5851747a2

SHA1
b3f15e54dd79dd410dd94c778e4a8f09986e3390

SHA256
9dd1710e042b91fa3af32207c98aab0e04e26ccff25edb0965ad11db00f29584

SHA512
b68d85a04e3a952ace1c63e78fb1117f548be77166ebd1d0ba340ce4cdba9bf59cb8cc22b35e7dac234b41ba64a15b445ea5015893c39327a699b789b48fa42e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\installer_prefs_include.json

Filesize
1016B

MD5
0ac65232224bd65273a9803d32a5875e

SHA1
c860bd142190fda4f9db45a5ef554736a1483885

SHA256
212e238852f0e96cf23a6457c1d80c260cb654611c02577a35d6b7d74142fff1

SHA512
9e97e42c56164b811c1111d2615a1787dac827e85518826bb312edf3e3652f5ba512dd782d5c3a8ddc0179a67a8fddef7848fecf58a0b073ca2b5993559791bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\installer_prefs_include.json.backup

Filesize
215B

MD5
3b15e56b89e95c7bcc09e6c08defec99

SHA1
83339f461f9e533ec37a92a999b69557c0d2beaf

SHA256
b32fa797e6e1b5376d6d89b914423bfa620f8d4c6c7d1aad3c6f9c91c4309c58

SHA512
c1229067e1ac4c55b850a8af5219967db25c0e17865398a31c349c39281149c6907a25b8008f07499559ff1795e8eaab906511e344b4d6e0031942fdcb342a6d

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202404010456511\opera_package

Filesize
103.9MB

MD5
401c352990789be2f40fe8f9c5c7a5ac

SHA1
d7c1e902487511d3f4e1a57abdee8a94d5483ed4

SHA256
f62f4ebc7eca46d9cddfb02cc0305da5efdd6f3601fb0f53da555e19558869a3

SHA512
efc6d4224e3721e91efb2ea8f4b74685cba607260c69d08eac26866c52b8127080a42799d9f76ab1661b8ca63c946fcf35dddf0a63ab3cd258ea44a27dd769c8

Download Submit
C:\Users\Admin\AppData\Local\Temp\00c07260dc\explorgu.exe

Filesize
1.8MB

MD5
b038bb5a98656ac3b783cefb5ba02b5b

SHA1
60248cb04f665d3cc367798572bbc3dc5cfd3ec9

SHA256
42920feea274c9aec61bd85c301687f30384d2d7613bef7b7fa16b29913eb5a1

SHA512
c08edd88bd76fcc497fbdacb98505f418f78ed9b524690d30fdc5b6e1e6f5bb35f90ed8171414fff4d6077d3207ca159a9b4b64a549e5d16e974f7a8b4016797

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000044001\go.exe

Filesize
894KB

MD5
2f8912af892c160c1c24c9f38a60c1ab

SHA1
d2deae508e262444a8f15c29ebcc7ebbe08a3fdb

SHA256
59ff8e0aa665fbbf749c7548906a655cb1869bb58a3b7546efa5b416d19e6308

SHA512
0395383bde98d358b0a7f2224f903dff026ce0c6d90feb49ac0e6993ef692143b0eb25da84d9cdc9e7b373a7b75a6dbaef14746eda1bff165d59f07ca51a16bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000046001\amert.exe

Filesize
1.8MB

MD5
e5749e3d5ee5eaca5052e737f8963d79

SHA1
ef60077563e3f0c169766b751ec6b4618ebb39b6

SHA256
b1d107ad03eebe9dea02a53578c223f5af87dd4c81d1520bbb40c04ce326dd2e

SHA512
7ce79e3f4b2f1b97e2e375299a3cc450e954f5ea97f444999103ca2c436f6e48c185c1675800a71ab793f7ce6725a8a1a11cc3ebf9a9261d800e381e80bbed6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000183001\Uni400uni.exe

Filesize
379KB

MD5
b264fee6ed0c634983be2b7ea4f854e6

SHA1
f125a58da078e64b0bccc7012e341eefbe67ed0b

SHA256
b443e71c000e0750a88e821dfcc804c8357a5017c12fa3e71256c486d93c6362

SHA512
0ee197acf5e2c46657ab85959baf5b3d194b28bc266c3dd1373a331654d7ab7b5abfe796910a6856d4833d26ddcbfa45a3d00a03664f349cc47c0f31dcfcc1ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000873001\random.exe

Filesize
3.0MB

MD5
516770743e65a07e2d0ec72025fd8668

SHA1
849f7aaae19a504518d375c92c5026b3f0c25911

SHA256
a3011027eb8c7672f1d540ef4e5cb07542c5884beb3764cf2b1571e4274b5911

SHA512
732091361020474320c793a4b87ab1856e6c9a5a0126246bbacf59a01a80168c590853cf2cc802132d392186964906c0225052e1a755b6ac87b8927f13c4da17

Download Submit
C:\Users\Admin\AppData\Local\Temp\1000985001\alex1234.exe

Filesize
1.7MB

MD5
85a15f080b09acace350ab30460c8996

SHA1
3fc515e60e4cfa5b3321f04a96c7fb463e4b9d02

SHA256
3a2006bc835a8ffe91b9ee9206f630b3172f42e090f4e8d90be620e540f5ef6b

SHA512
ade5e3531dfa1a01e6c2a69deb2962cbf619e766da3d6e8e3453f70ff55ccbcbe21381c7b97a53d67e1ca88975f4409b1a42a759e18f806171d29e4c3f250e9f

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001031001\amadka.exe

Filesize
1.8MB

MD5
2beec974eceb18cf841a4478d8010f58

SHA1
00256c5ef7935d57609f5c650a74fe22bc9a4f94

SHA256
b88322cd121a87058ba3df1623d4a3dcca79f80b0b4f6e033eedca8f9854af8c

SHA512
664d71bb4a68640c2dc6c78d3b5f128fd1de0364df4f8bcccaee5eb80987676da29932f2ee27a2a3eb08ebcfb1140319b3607c0f9114e4937f711267d567b7e1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001039001\redlinepanel.exe

Filesize
301KB

MD5
832eb4dc3ed8ceb9a1735bd0c7acaf1b

SHA1
b622a406927fbb8f6cd5081bd4455fb831948fca

SHA256
2a82243697e2eec45bedc754adcdc1f6f41724a40c6d7d96fd41ad144899b6f7

SHA512
3ab8b25732a7152608be101a3daf0d55833c554ab968be8b3b79a49e1831f3ee0eeeb9586a3334fa387b1f160fd15e98a80dcfece559c9c257b44ef962874894

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001040001\32456.exe

Filesize
499KB

MD5
83d0b41c7a3a0d29a268b49a313c5de5

SHA1
46f3251c771b67b40b1f3268caef8046174909a5

SHA256
09cc3364d5e1c15228822926bc65ce290c487dc3b7c0345bf265538110fa9cc9

SHA512
705ecc7c421338e37ed0d58c2d9fad03fb3565db422a0c9d895e75a399bf5f2a70cfe3ffdc860ffe010d4d1a213e0a844aeadb89ea8e0c830a2fc8c03b7669b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001053001\goldprimeldlldf.exe

Filesize
464KB

MD5
c084d6f6ba40534fbfc5a64b21ef99ab

SHA1
0b4a17da83c0a8abbc8fab321931d5447b32b720

SHA256
afd83290a2adb219c3f1b8fbf23c27b0994fe76dfbb7dc0b416530dc0e21f624

SHA512
a5384a2f7029cf946fde44e1ff30775754ce525ca5a6fdac14184872b6e684cb6e585053cb86d32f82cbd3db48eb195ba3a642d8ee3774be579fccd993938ca1

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001059001\NewB.exe

Filesize
418KB

MD5
0099a99f5ffb3c3ae78af0084136fab3

SHA1
0205a065728a9ec1133e8a372b1e3864df776e8c

SHA256
919ae827ff59fcbe3dbaea9e62855a4d27690818189f696cfb5916a88c823226

SHA512
5ac4f3265c7dd7d172284fb28c94f8fc6428c27853e70989f4ec4208f9897be91720e8eee1906d8e843ab05798f3279a12492a32e8a118f5621ac5e1be2031b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001073001\swiiiii.exe

Filesize
321KB

MD5
1c7d0f34bb1d85b5d2c01367cc8f62ef

SHA1
33aedadb5361f1646cffd68791d72ba5f1424114

SHA256
e9e09c5e5d03d21fca820bd9b0a0ea7b86ab9e85cdc9996f8f1dc822b0cc801c

SHA512
53bf85d2b004f69bbbf7b6dc78e5f021aba71b6f814101c55d3bf76e6d058a973bc58270b6b621b2100c6e02d382f568d1e96024464e8ea81e6db8ccd948679d

Download Submit
C:\Users\Admin\AppData\Local\Temp\1001078001\koooooo.exe

Filesize
379KB

MD5
90f41880d631e243cec086557cb74d63

SHA1
cb385e4172cc227ba72baf29ca1c4411fa99a26d

SHA256
23b62a27e3f5c424b16f31e5009af4f24c8bd13b1f035f87879e2a29236be7a0

SHA512
eeb85b34aa66a7e9a1b1807012999ee439433df23126a52ffa8d4b3cb2026be3bcf63ca25f143de58ba929c0d4feeaf2a603fd6ec6b5379fc48147c22f3783e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\TmpA3CD.tmp

Filesize
2KB

MD5
1420d30f964eac2c85b2ccfe968eebce

SHA1
bdf9a6876578a3e38079c4f8cf5d6c79687ad750

SHA256
f3327793e3fd1f3f9a93f58d033ed89ce832443e2695beca9f2b04adba049ed9

SHA512
6fcb6ce148e1e246d6805502d4914595957061946751656567a5013d96033dd1769a22a87c45821e7542cde533450e41182cee898cd2ccf911c91bc4822371a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_4tt0uzdo.gqj.ps1

Filesize
1B

MD5
c4ca4238a0b923820dcc509a6f75849b

SHA1
356a192b7913b04c54574d18c28d46e6395428ab

SHA256
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

SHA512
4dff4ea340f0a823f15d3f4f01ab62eae0e5da579ccb851f8db9dfe84c58b2b37b89903a740e1ee172da793a6e79d560e5f7f9bd058a12a280433ed6fa46510a

Download Submit
C:\Users\Admin\AppData\Local\Temp\iolo\dm\ioloDMLog.txt

Filesize
3KB

MD5
250cffa0951ac6b73914a67252338a56

SHA1
f6c11a5d6e3e4660339ee49bbfd5a11c4e2af866

SHA256
13c86cc05cd050e80acd40019d514a0c208f8d7476d396ee171a5c99f75d26c3

SHA512
aad2d8b086ad954d7223b8b239c1cb4002ffe31bf71a3084e5428f6c65b74247353d497cf66a7b5062f1a1f3f353ac1c7cdd525e40fcbd2bc82a7a5f33d41c53

Download Submit
C:\Users\Admin\AppData\Local\Temp\u4io.0.exe

Filesize
268KB

MD5
6717e953cd5940df1825203d39af37e4

SHA1
472606dec216e9f576f2a0acff52feb44a4bcf4b

SHA256
90e4130707d4e9ae1407ce9176398a4d47f94c4210f74c65d10542310b936a79

SHA512
241fe01b3e8c950f0ba0636a2f90b00766341cd24e353a7fa12be1aa493e600a6a1f72ec96c07320717cd5bf9240fe753c6f637f37eb23b19b89737866f92815

Download Submit
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\clip64.dll

Filesize
109KB

MD5
2afdbe3b99a4736083066a13e4b5d11a

SHA1
4d4856cf02b3123ac16e63d4a448cdbcb1633546

SHA256
8d31b39170909595b518b1a03e9ec950540fabd545ed14817cac5c84b91599ee

SHA512
d89b3c46854153e60e3fa825b394344eee33936d7dbf186af9d95c9adae54428609e3bf21a18d38fce3d96f3e0b8e4e0ed25cb5004fbe288de3aef3a85b1d93f

Download Submit
C:\Users\Admin\AppData\Roaming\006700e5a2ab05\cred64.dll

Filesize
1.2MB

MD5
92fbdfccf6a63acef2743631d16652a7

SHA1
971968b1378dd89d59d7f84bf92f16fc68664506

SHA256
b4588feacc183cd5a089f9bb950827b75df04bd5a6e67c95ff258e4a34aa0d72

SHA512
b8ea216d4a59d8858fd4128abb555f8dcf3acca9138e663b488f09dc5200db6dc11ecc235a355e801145bbbb44d7beac6147949d75d78b32fe9cfd2fa200d117

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2772066395-907917261-1982757236-1000\76b53b3ec448f7ccdda2063b15d2bfc3_3feb073e-2575-4d8b-a1b0-6448036e224e

Filesize
2KB

MD5
cece590bcc6521f82463434985496d9a

SHA1
2f505643f1c46d80098d3cda878c92b92a4a282f

SHA256
4748834862dea5cdbaa778755ef4b09f086a2749e1b96d1f788e9bdeb69cd930

SHA512
fe8e177e4bfb6a295fce44a9420960fef43d3cf514f39debc85c56d2ca2beabbdf902f47fc760213cb1f5cc7c72a09bd19f2e5e1d16a5f77d3c71f21c7843c24

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
07e0702cfd95e101bf5a34a7d94053bb

SHA1
4e300c329b3ffa0396cb41163b2673c4bc0b166c

SHA256
fbdb5773b04e01c374921cdfbfa9dd941d350f26a7997363fbd2d493aecb0e3e

SHA512
fae05162d15053bfef68e9980fad7b537b2863f417aa79d2ec229bf103e232312e2760ee26291b4735a5d35b439ad285d6a913d5425e9e55a72fbdc284086ec5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences

Filesize
7KB

MD5
6cefb5420888cdeff8b8e83d3920a2e7

SHA1
392635e63bfb21a433264337671262c8986bd9a5

SHA256
b99f682e03e7f86b8098299fbc5e6a9671c1f593809d872b613fa80703f9dd79

SHA512
6b8c1959b9c26d798abe8506d20c34bc07d55ea32f4a70f229966caf43340d112694511c8b0d8bc3184d6c84acb8daa47941508532d27fa353e27c46cf3be20c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences

Filesize
8KB

MD5
a214488d0e70da6b14366ba3a816654f

SHA1
69016806d53c670a56b5e59dfa2a8eb4311ae5f7

SHA256
bb1290a6ee8cf950d872f30478d32721f6d22f774b76a2199579b1c239196b11

SHA512
81a555a241de5730a0a593af59acdfbdcd6863ae7afd420187757ad17f0690903b1715b444e784a8b395a3f8f0fe6034633aa877b5d246d1c99909cae1a007bc

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Preferences~RFe5aacac.TMP

Filesize
7KB

MD5
890e4a392c645cf91adecada87ae934b

SHA1
d8309ae1fce0e79d8b7766db2b06d14d03b8e316

SHA256
70530d876756b8c412216baf6487898bb590d5d8bd5897e23e53292a5204c7f5

SHA512
9eccf09764ec16b07f473c7c6a6fd0853b069b789adfd22a94bd2aa26ff076a4c56f0e5a09f60cbed788cf29ad656f6dd3c2481491e1791db8131e36bf555cf2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Secure Preferences

Filesize
71KB

MD5
1aaa18f3406b7bc75f99581815e4f87f

SHA1
a7d47f6ebf4d9bc049deb3ec288d96d98a9caba8

SHA256
1820f75755196fca6621da47187588ed4f61a4ddabf33f7c54d9315e670cf4ed

SHA512
3d143d63a75406b5f95621e070a4b85484409d35a8684241f5e91ce42d77702a105b426065c3ffc1bf12372e83c4f8c717d93a495c49c3e7a65b96ff6ec6a698

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\Site Characteristics Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
461B

MD5
efe4fecc07cf24e7e855daace750bddb

SHA1
e33e5e9e268eef89f80f5c106063247605c171e2

SHA256
1648137d8bfe8bb615f3cf1309c0a90d434c6bbb1e7d90e62e36020b0b16234c

SHA512
d29dbcb4b89fa9a887111e8d68a99f99547f1963bcb97a2f7d851fd6580a48cbc2819954172d04ae019e22de8ad5ca1f7ff4a7426a5681883c03c385b652fe8c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
b7aecf7a5bd3420512022d53db13fd73

SHA1
404c4c15c356559330daec55c987cd7dabfeede0

SHA256
fe1743c3fa05cb9a57f52de2f51f52f7745b4ca0e61b5f471066c3d9715dd9aa

SHA512
f569a714d7a448202fb0a82db5fa8d30e66fc778af1d15fb49703db5338094433cd0c48a644c6ab89cc12c27cb2c91d76f2f93b227b9e2bca3c9656a24026f9a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
573B

MD5
f649abdd5b41c75ab446f77ce2f71f80

SHA1
e36defe1244dd155ce4a09de9952b8df5fa9dda3

SHA256
0081e14c6572bbc4151a3e1c40ef5cb14c2a4fa86298ee410af33cd5e76db036

SHA512
b553a8119fa668a2f27b3e5c9e165541061a76e29906c7dd8231522f659458b0d99045a970a009cfd981fe05a0109ab2fe48d627c9b9d2d43062534b9192af49

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
669B

MD5
eb92cb7eb2cbf953466aad711bb168a1

SHA1
3f42525e9b8b780004b2a577b9df5b5aae775d17

SHA256
efd0f4f403cfa5f44877d011d7a44cdadd23182bba56cba7671a17b0bc5af9b4

SHA512
e80ce9c384fbd6bf677ac48565f94c0f683d4f625cc33a1ae65a11ace9934c8dbaeefe206b4e4728afa709d38c9bb5d4503a9b4bf1775a1c78f4f71ea820da72

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
797B

MD5
9e1f18812a4bb0e385c42c7d60b78bfe

SHA1
ff4e5472c927c495990e15420aa75d787e7fbbaf

SHA256
8ef118bde043e70fd28e430f128e1e2e9876ab8a6b7d706fa275bdf751e73f5d

SHA512
881ccd8f4e78df40e0021d3bf93e05b3d3e812af579ba182536d23c3de126cbe0d5901b035df342f03cdc0a7111eedb1a68ed1e0fdc6c9e4c36413eda8a3320b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
909B

MD5
fb9ea509999edeb91280cac139e8a4eb

SHA1
eb191d0dc83e45b61736d1846f6de3f6524e59c1

SHA256
b33453aed35d963f308646dae03c02fcae6f1bdba34b5e8b7591c93d3f667868

SHA512
2012389b9a28e72f52ed742d411f236bdcad47c3185010fe9e292b33d9ff2cbb206749ff629fbd56b83ab5c5b6941b60e3b6ba7d259193c1eb89ba4b4e17f98f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
941B

MD5
79a7d16376d61ae378ebadf68d5f713a

SHA1
cd8ea0db26a3327dedbce41bdd88724022126cfd

SHA256
4529304bc424e1fd7f918e14618693d0f807b527687c7da304dcda50d12ec6c8

SHA512
5df78ad21e64afae7fe22c217f1aacd3bbe353e56483533ff7acb5ae10613f1902d1ff0d2473eaac3d822f17a35fd6d34b441573d24a8b4799027a0e59b43734

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
989B

MD5
003342b55c4b53e5f11c93624b970a53

SHA1
babd3be74fbf74ba0dff0fc5d9023833d771bb8f

SHA256
b7a603bcead56d0dfc2b9183ac54bad245e8683310e19b595b907ecb2e87e1ac

SHA512
058de7e07c4e88f67eedede0fd73dd09f64fcd31abc406d5041034138e4ca394affd9bb10ba5b132a318024e68457453f8c6b6796213a3d88d14c8bbc381dff2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
681071588d5677e24b5b18ccdc87d2fa

SHA1
05dc11d41d8438257d0582d8027a309a1c93a88a

SHA256
c2ecc6c9deede3e4e9684756e52e62a5ed3c188a4d07ab73c6e0924f51c9667b

SHA512
2798728426c42cb3503f435a4d9361f4686e787eae77c07f2f83d5884fbc97d5cd98d9598a83651d59f1b11b637280a491bea141b9134950012ae36e7c4166f0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
f7ea6e1d7003365746d4382d5d2c15af

SHA1
c4db430dbb0f5ba093ff5889373b80a610fc0d6e

SHA256
373b4de39dab928195c052d2e015063b30bebeccd2a254c74c4ad08f81498949

SHA512
ea6d6d6371dfe2d81af0e4e5713b068bb13d9a45c3f0d19d53ef88c4d9efcf3ae751f651a7cf8712a343aba9b76198252deea8d5513bc487ebad661705743c48

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
072db4ff6b9e53b88d51c22714a1bb56

SHA1
55255a373a2af04c11dac43e111a0494ee031101

SHA256
2dbb0828d4a1334befbcf7304c3353f10f193934a974e972ae0b881956800762

SHA512
472f97053d9737250db6b91e2d74f0b3f9141dbba3a6afd86366156cd983b827d98c6ea3376bb809ca9944770b3fa429f6a79b248e3a86315de595dc406a2a84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
c25168ef384aab5041bd0fee10254d7c

SHA1
5c2c528ee4b045724437d22ccc4f05a29205a26c

SHA256
6c8f1368af66a63716c86c8921135b123b55883aba25b4b462cf838398781663

SHA512
df45016b65b179f6d97f68e3926a3618716a7c13816de886353d306ce1aec9c063f980f108a9101f216d971f87497e172ffa16f842af295ce8e0f67672e94031

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw

Filesize
1KB

MD5
54cdb4ed74af764651d1290943cc099e

SHA1
07a5ffe3d245d2bcf93eea62b9c724ed3a1c061a

SHA256
e54db7cedc94db44ef8d6fd029ad72ab0a9f37c94238359ed62bb200754974fa

SHA512
0b79f32ad4bba6977d93e94e0e23d38d053611ec34bca856944cdbd2d12107f46f15c227ca6aeb669fbfec34be01fa0813aebbc6586960f898e5450532916b5a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Default\StatsSessions\session_24dee159-7f36-4805-908f-1c3a51319ca7.raw~RFe5b9816.TMP

Filesize
365B

MD5
5186f9fdc560d538469c52bcf88fa805

SHA1
18e73510145d1d6ac716529783dcaf3c44e40569

SHA256
5afc0db4b84deea7ff90168026a96293630a5b29ac0239ee0a28916a8713c302

SHA512
55709cd7f964a8e3f60ee52c5c6ea759eca6c53f9785e7983582667663044f23a23cbc546f2a3dacf58bc64908716b7c2a9555402740b317eb62de46b554a4b6

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

Filesize
3KB

MD5
df84f2ca17ef7e192d0c66283d9cc95e

SHA1
8b0a1fa884f5775e0552120eaf9e666ab1588399

SHA256
dbc4a5f2b240266fdbc87b560493b64efbb35f6f565b2f592e8c3d7d754e4ba9

SHA512
709a3c23a0d8c61412e51d3e6bf130080b4c25fc214a5330257b303ed82d03bce9bce53bd3cb00c7b0409fe9c77cabebb221ef532e59a2b502472ab22f949e0d

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State

Filesize
2KB

MD5
54f711d321896efda87aa7ce52e26616

SHA1
a89b2b104996f382bae9fbcaaffef03fa5c1435b

SHA256
d15d1c8ee827aa75fb96d7b6afdab33660ff53186f09ba6222a3cb016dd8c7a5

SHA512
cc834cbac67993bbedc5973d7edd580958a90a9ead1d372643cb9eb1acc04914d6b93e895887aed2585ceacc2e425eeae99057143c01dee8b6f191844536d0c0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Local State~RFe5aab26.TMP

Filesize
2KB

MD5
de63f5dabfd24e4fac55e50d921af618

SHA1
c61f8425f7fb2dce184707c7c2136b4fa74bc8d1

SHA256
b62c036d5df3d1fa43e9339ead075eb87e1161a6b6eac9effdc3a4210836980c

SHA512
8d6b9f75310faa4927eeb242f9806404212b026121b20e6a97cfbee554a5fded0edf8a956a95521b932f7ff2dea25b02359432eeabbd6e8807b01ee8b97412ae

Download Submit
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\clip64.dll

Filesize
109KB

MD5
726cd06231883a159ec1ce28dd538699

SHA1
404897e6a133d255ad5a9c26ac6414d7134285a2

SHA256
12fef2d5995d671ec0e91bdbdc91e2b0d3c90ed3a8b2b13ddaa8ad64727dcd46

SHA512
9ea82e7cb6c6a58446bd5033855947c3e2d475d2910f2b941235e0b96aa08eec822d2dd17cc86b2d3fce930f78b799291992408e309a6c63e3011266810ea83e

Download Submit
C:\Users\Admin\AppData\Roaming\a091ec0a6e2227\cred64.dll

Filesize
1.2MB

MD5
15a42d3e4579da615a384c717ab2109b

SHA1
22aeedeb2307b1370cdab70d6a6b6d2c13ad2301

SHA256
3c97bb410e49b11af8116feb7240b7101e1967cae7538418c45c3d2e072e8103

SHA512
1eb7f126dccc88a2479e3818c36120f5af3caa0d632b9ea803485ee6531d6e2a1fd0805b1c4364983d280df23ea5ca3ad4a5fca558ac436efae36af9b795c444

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\Traffic.exe

Filesize
541KB

MD5
1fc4b9014855e9238a361046cfbf6d66

SHA1
c17f18c8246026c9979ab595392a14fe65cc5e9f

SHA256
f38c27ecbeed9721f0885d3b2f2f767d60a5d1c0a5c98433357f570987da3e50

SHA512
2af234cac24ec4a508693d9affa7f759d4b29bb3c9ddffd9e6350959fd4da26501553399d2b02a8eeae8dace6bfe9b2ce50462ce3c6547497f5b0ea6ed226b12

Download Submit
C:\Users\Admin\AppData\Roaming\configurationValue\propro.exe

Filesize
304KB

MD5
cc90e3326d7b20a33f8037b9aab238e4

SHA1
236d173a6ac462d85de4e866439634db3b9eeba3

SHA256
bd73ee49a23901f9fb235f8a5b29adc72cc637ad4b62a9760c306900cb1678b7

SHA512
b5d197a05a267bf66509b6d976924cd6f5963532a9f9f22d1763701d4fba3dfa971e0058388249409884bc29216fb33a51846562a5650f81d99ce14554861521

Download Submit
C:\Users\Admin\Pictures\5UepcnWmJtBxE3kFtlODWz3C.exe

Filesize
4.1MB

MD5
f0c17349f605333e7a4b48e0fcaba0fe

SHA1
ce61454f6f7218a7b4eeae2d201cb7ad5309048c

SHA256
a0f4e08187ece5699bdb675b4995cc01bf7898c99dee7e9209b5b7af34cb9602

SHA512
fff7b94d5950e650be174cc2703d170d3bf098a481d709fdee2d9784f6c3fb84d060c711b6cc7f60b02ed86416295341b053b57b27e7719d3703dd21948a11ba

Download Submit
C:\Users\Admin\Pictures\8aNz7eqiC6SJytM0jBVEHY7R.exe

Filesize
410KB

MD5
acae9abdec095c75f62f21577dd37c35

SHA1
88e25ee43ca20501536c016d53fb40e8fc4801f5

SHA256
b2ff9214454fd3dcbf4da911620982c737247e78b47367d68f0cc2e973e48930

SHA512
56d9e3c6edca329b4c86c6d4dea87525f953bf412c971f348c6d20d6a1ff63b6b8988109d335a3232a9bb7599bca2ceb8b581826e51ac63716427c0bc88cb75a

Download Submit
C:\Users\Admin\Pictures\CBHIfDdKQpoVvTgaNddb1Kqo.exe

Filesize
3KB

MD5
be0218f1421b3d7975d628bc2a549270

SHA1
1615b9607c8dd6aa863b140f92bb246a1c12b00c

SHA256
d9ea63fcc60535fd3f743fc75709438808ba44305234b7ec93a66eef789582b7

SHA512
1099ab31ac4155e8cf2f128e5a5fdae12512b0c5872be3641e6fcf273cb7a368c839b9309c64ed6b71bdf64d27f159729c0ddea7fd95889929ae1d88192e8023

Download Submit
C:\Users\Admin\Pictures\CC82Z9DP0K4zwuVlGfiPSD02.exe

Filesize
6.2MB

MD5
a53350f9e7ca22dfd9bc443c2ba6d440

SHA1
2b120ea5008f5e6df5a95d771dd2d256fc713f0f

SHA256
448b14cd4e8322baf6774830784534faa4c43d36ef71d6fd930f81eed114dca4

SHA512
67cdf73f4ee1b1d82f05e4e124576466ee27cd2a4ed1883a29c8d4d5d5df6346971c8ba6e51963e4504d2dcb6bec26859ea5779c8b8fbcc4067c03c913f8cdfe

Download Submit
C:\Users\Admin\Pictures\LaY2cXVglrZznd9sfR2GbDer.exe

Filesize
7KB

MD5
5b423612b36cde7f2745455c5dd82577

SHA1
0187c7c80743b44e9e0c193e993294e3b969cc3d

SHA256
e0840d2ea74a00dcc545d770b91d9d889e5a82c7bedf1b989e0a89db04685b09

SHA512
c26a1e7e96dbd178d961c630abd8e564ef69532f386fb198eb20119a88ecab2fe885d71ac0c90687c18910ce00c445f352a5e8fbf5328f3403964f7c7802414c

Download Submit
C:\Users\Admin\Pictures\ZD9TktAByddddRrDO1cp0hZ0.exe

Filesize
4.2MB

MD5
1c642fc5ad39aa0711092e1e3fad88f5

SHA1
704c940e2ea705f4a86d286a5eb4781184bc6662

SHA256
0680743d62a7588625dc4b2fb73baea35a02163b1865147239a5464b320990fb

SHA512
be9b8d133ae31458745009b8f4ca90513a96816003c36155f3378d9a3c4664668928ee98ed7fb010ef4d04bd839552e64352cbd83fcf9b0862a55087b5e26121

Download Submit
C:\Users\Admin\Pictures\k0OEz2srn3AykObHR7F4XCp3.exe

Filesize
3KB

MD5
ae8344ce9360139aec40a0691b0019b4

SHA1
cdc138c535a6a2cf8518ff4c1acceadbdc02b628

SHA256
74f81c46b3bd1221df617a94af4e8c5a9bf9c4869722e6eb31f8bcb0afa6482f

SHA512
e2c7abbf4a225c61101c7b7598dda9b5567c88a0f885c03f7b89255a21bb5cc9e35369e11dda6cd77590f5871e02d688440dd37607ea9aeb00e7de8fd11fcf0a

Download Submit
C:\Users\Admin\Pictures\xmmesChgcL1vFDr7UYQZrd4p.exe

Filesize
5.1MB

MD5
3a36a934ded0a0b7d9dd4e39a5c84d4a

SHA1
028b9dd46101e37047cf6878dfbfcc72d7c816c2

SHA256
ee2b42d487d4b3d8bc5466c17e751f370eb2ef8adcb7ffaedc5dc98ae4bab160

SHA512
ce40764d447fdb1e19a0397e1a60f66d63edff7d509534af27857d9d9fcc3fa7b932fac4fff5c8ba1e2b83f19e853a76b7772ea430eb72da82f5f2735c539f14

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
bac00f04beb4d60fe99f0dc3301ad6ef

SHA1
35557c12dba508f63c60b1dd916b18ab171f4a8a

SHA256
b09d16a2ac1a33bed3524ea62dfc9ba0c74ba39469754403d64f7f87ee2c6f65

SHA512
4b689d90e862009b291efa9045d3f7eede15f46d38d2d56ceed7a27413722b3ef00947739f3eb127184bb2c94f17ef008023042ea7ec441ff8daec9309d8a313

Download Submit
C:\Windows\System32\GroupPolicy\gpt.ini

Filesize
127B

MD5
8ef9853d1881c5fe4d681bfb31282a01

SHA1
a05609065520e4b4e553784c566430ad9736f19f

SHA256
9228f13d82c3dc96b957769f6081e5bac53cffca4ffde0ba1e102d9968f184a2

SHA512
5ddee931a08cfea5bb9d1c36355d47155a24d617c2a11d08364ffc54e593064011dee4fea8ac5b67029cab515d3071f0ba0422bb76af492a3115272ba8feb005

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2404010456498016568.dll

Filesize
4.6MB

MD5
117176ddeaf70e57d1747704942549e4

SHA1
75e3ab6b3469d93cce9ea2f7e22b71b987ccdf2b

SHA256
3c5b34de987116a4d3240e319c0da89a951c96b81e6705476a0fea27b22b20af

SHA512
ca2a356929c92d314aab63d7f3b246d72783212dfa3a4507f28d41a51ca0eedc78e85b1cd453aa8e02c12509f847a0216bb702154f903291c804c8a98ec378b9

Download Submit
memory/212-355-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-378-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-423-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-427-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-425-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-411-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-415-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-465-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-463-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-437-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-457-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-461-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-459-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-421-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-341-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-449-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-447-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-417-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-408-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-431-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-374-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-381-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-403-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-384-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-435-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-393-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-397-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-395-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-400-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-405-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/212-406-0x0000000000400000-0x00000000007BA000-memory.dmp

Filesize
3.7MB

Download
memory/664-158-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/664-163-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/664-325-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/664-495-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/664-44-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/664-43-0x0000000000070000-0x000000000042A000-memory.dmp

Filesize
3.7MB

Download
memory/972-462-0x0000000000F90000-0x000000000134A000-memory.dmp

Filesize
3.7MB

Download
memory/1372-382-0x0000000000B60000-0x0000000001018000-memory.dmp

Filesize
4.7MB

Download
memory/1372-534-0x0000000000B60000-0x0000000001018000-memory.dmp

Filesize
4.7MB

Download
memory/2628-68-0x0000000071FF0000-0x00000000726DE000-memory.dmp

Filesize
6.9MB

Download
memory/2628-58-0x0000000000120000-0x00000000002DC000-memory.dmp

Filesize
1.7MB

Download
memory/2628-59-0x0000000071FF0000-0x00000000726DE000-memory.dmp

Filesize
6.9MB

Download
memory/2628-60-0x0000000004BB0000-0x0000000004BC0000-memory.dmp

Filesize
64KB

Download
memory/2628-69-0x0000000002520000-0x0000000004520000-memory.dmp

Filesize
32.0MB

Download
memory/2660-169-0x00000000055D0000-0x00000000055E0000-memory.dmp

Filesize
64KB

Download
memory/2660-165-0x0000000071FF0000-0x00000000726DE000-memory.dmp

Filesize
6.9MB

Download
memory/2660-156-0x0000000000A60000-0x0000000000AB0000-memory.dmp

Filesize
320KB

Download
memory/2868-82-0x00000000052E0000-0x00000000057DE000-memory.dmp

Filesize
5.0MB

Download
memory/2868-81-0x0000000071FF0000-0x00000000726DE000-memory.dmp

Filesize
6.9MB

Download
memory/2868-157-0x0000000006970000-0x0000000006F76000-memory.dmp

Filesize
6.0MB

Download
memory/2868-162-0x0000000006470000-0x00000000064AE000-memory.dmp

Filesize
248KB

Download
memory/2868-167-0x00000000065F0000-0x000000000663B000-memory.dmp

Filesize
300KB

Download
memory/2868-159-0x00000000064E0000-0x00000000065EA000-memory.dmp

Filesize
1.0MB

Download
memory/2868-80-0x0000000000530000-0x0000000000582000-memory.dmp

Filesize
328KB

Download
memory/2868-120-0x00000000059E0000-0x0000000005A56000-memory.dmp

Filesize
472KB

Download
memory/2868-83-0x0000000004E80000-0x0000000004F12000-memory.dmp

Filesize
584KB

Download
memory/2868-95-0x0000000004DF0000-0x0000000004DFA000-memory.dmp

Filesize
40KB

Download
memory/2868-94-0x0000000005110000-0x0000000005120000-memory.dmp

Filesize
64KB

Download
memory/2868-160-0x0000000006410000-0x0000000006422000-memory.dmp

Filesize
72KB

Download
memory/2868-144-0x0000000006100000-0x000000000611E000-memory.dmp

Filesize
120KB

Download
memory/3296-326-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/3296-340-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/3720-132-0x00000000055B0000-0x00000000055B1000-memory.dmp

Filesize
4KB

Download
memory/3720-142-0x0000000005590000-0x0000000005591000-memory.dmp

Filesize
4KB

Download
memory/3720-153-0x0000000005580000-0x0000000005581000-memory.dmp

Filesize
4KB

Download
memory/3720-177-0x0000000000C30000-0x00000000010E8000-memory.dmp

Filesize
4.7MB

Download
memory/3720-150-0x0000000005570000-0x0000000005571000-memory.dmp

Filesize
4KB

Download
memory/3720-146-0x00000000055D0000-0x00000000055D1000-memory.dmp

Filesize
4KB

Download
memory/3720-122-0x00000000055A0000-0x00000000055A1000-memory.dmp

Filesize
4KB

Download
memory/3720-119-0x0000000000C30000-0x00000000010E8000-memory.dmp

Filesize
4.7MB

Download
memory/3720-155-0x00000000055C0000-0x00000000055C1000-memory.dmp

Filesize
4KB

Download
memory/3720-168-0x00000000055F0000-0x00000000055F1000-memory.dmp

Filesize
4KB

Download
memory/3720-166-0x00000000055E0000-0x00000000055E1000-memory.dmp

Filesize
4KB

Download
memory/3720-161-0x0000000000C30000-0x00000000010E8000-memory.dmp

Filesize
4.7MB

Download
memory/3824-22-0x0000000004DD0000-0x0000000004DD1000-memory.dmp

Filesize
4KB

Download
memory/3824-29-0x0000000004E00000-0x0000000004E01000-memory.dmp

Filesize
4KB

Download
memory/3824-19-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-20-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-70-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-23-0x0000000004DB0000-0x0000000004DB1000-memory.dmp

Filesize
4KB

Download
memory/3824-21-0x0000000004DC0000-0x0000000004DC1000-memory.dmp

Filesize
4KB

Download
memory/3824-24-0x0000000004DF0000-0x0000000004DF1000-memory.dmp

Filesize
4KB

Download
memory/3824-71-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-25-0x0000000004D90000-0x0000000004D91000-memory.dmp

Filesize
4KB

Download
memory/3824-93-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-26-0x0000000004DA0000-0x0000000004DA1000-memory.dmp

Filesize
4KB

Download
memory/3824-430-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-27-0x0000000004DE0000-0x0000000004DE1000-memory.dmp

Filesize
4KB

Download
memory/3824-28-0x0000000004E10000-0x0000000004E11000-memory.dmp

Filesize
4KB

Download
memory/3824-193-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/3824-532-0x00000000003E0000-0x00000000008A3000-memory.dmp

Filesize
4.8MB

Download
memory/4304-121-0x000000001B930000-0x000000001B940000-memory.dmp

Filesize
64KB

Download
memory/4304-104-0x0000000000B00000-0x0000000000B8C000-memory.dmp

Filesize
560KB

Download
memory/4304-116-0x00007FF9F0350000-0x00007FF9F0D3C000-memory.dmp

Filesize
9.9MB

Download
memory/4312-72-0x0000000071FF0000-0x00000000726DE000-memory.dmp

Filesize
6.9MB

Download
memory/4312-63-0x0000000000400000-0x0000000000592000-memory.dmp

Filesize
1.6MB

Download
memory/4584-16-0x0000000000300000-0x00000000007C3000-memory.dmp

Filesize
4.8MB

Download
memory/4584-6-0x0000000005200000-0x0000000005201000-memory.dmp

Filesize
4KB

Download
memory/4584-0-0x0000000000300000-0x00000000007C3000-memory.dmp

Filesize
4.8MB

Download
memory/4584-1-0x0000000077044000-0x0000000077045000-memory.dmp

Filesize
4KB

Download
memory/4584-2-0x0000000000300000-0x00000000007C3000-memory.dmp

Filesize
4.8MB

Download
memory/4584-3-0x00000000051D0000-0x00000000051D1000-memory.dmp

Filesize
4KB

Download
memory/4584-4-0x00000000051E0000-0x00000000051E1000-memory.dmp

Filesize
4KB

Download
memory/4584-10-0x0000000005220000-0x0000000005221000-memory.dmp

Filesize
4KB

Download
memory/4584-11-0x0000000005210000-0x0000000005211000-memory.dmp

Filesize
4KB

Download
memory/4584-9-0x00000000051F0000-0x00000000051F1000-memory.dmp

Filesize
4KB

Download
memory/4584-8-0x00000000051B0000-0x00000000051B1000-memory.dmp

Filesize
4KB

Download
memory/4584-7-0x00000000051A0000-0x00000000051A1000-memory.dmp

Filesize
4KB

Download
memory/4584-5-0x00000000051C0000-0x00000000051C1000-memory.dmp

Filesize
4KB

Download
memory/4856-259-0x0000000000400000-0x0000000000450000-memory.dmp

Filesize
320KB

Download
memory/5528-429-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5528-436-0x0000000000400000-0x000000000044C000-memory.dmp

Filesize
304KB

Download
memory/5724-481-0x0000000001230000-0x00000000016DE000-memory.dmp

Filesize
4.7MB

Download
memory/6020-479-0x0000000000400000-0x0000000000408000-memory.dmp

Filesize
32KB

Download