redline | hxxps://www[.]youtube[.]com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww[.]mediafire[.]com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw

Analysis

max time kernel
485s
max time network
490s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/08/2024, 08:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw

Score

10^/10

redline credential_access discovery infostealer persistence privilege_escalation spyware stealer

Malware Config

Extracted

Family

redline

185.196.9.26:6302

Signatures

RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
infostealer redline

RedLine payload 1 IoCs

resource	yara_rule
behavioral1/memory/6720-3738-0x0000000000400000-0x0000000000452000-memory.dmp	family_redline

Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
credential_access stealer

Credentials from Web Browsers
T1555.003
Downloads MZ/PE file

Checks computer location settings 2 TTPs 20 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation	opera.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 64 IoCs

pid	Process
5224	OperaGXSetup.exe
1140	setup.exe
5168	setup.exe
5628	setup.exe
888	setup.exe
4288	setup.exe
5556	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5792	assistant_installer.exe
5564	assistant_installer.exe
5296	installer.exe
6020	installer.exe
2476	opera.exe
2084	opera_crashreporter.exe
5480	opera.exe
764	opera_crashreporter.exe
1680	opera.exe
3816	opera.exe
5128	opera.exe
4924	opera.exe
3836	opera.exe
2916	opera.exe
5104	opera.exe
3080	opera.exe
4216	opera.exe
1448	opera_gx_splash.exe
3904	opera.exe
5540	opera.exe
1736	opera.exe
5148	opera.exe
5136	opera.exe
5628	opera.exe
5736	opera.exe
3812	opera.exe
4844	opera.exe
6032	opera.exe
4984	opera.exe
5188	opera.exe
2896	opera.exe
2908	opera.exe
6136	opera.exe
1632	opera.exe
1168	opera.exe
5808	opera_autoupdate.exe
5000	opera_autoupdate.exe
6164	opera_autoupdate.exe
6264	opera_autoupdate.exe
7516	installer.exe
6536	opera.exe
6560	opera.exe
6580	opera.exe
6596	opera.exe
6608	opera.exe
6620	opera.exe
6640	opera.exe
6672	opera.exe
6684	opera.exe
6696	opera.exe
6712	opera.exe
6724	opera.exe
6736	opera.exe
5228	opera.exe
6760	opera.exe
6772	opera.exe
7100	opera.exe

Loads dropped DLL 64 IoCs

pid	Process
1140	setup.exe
5168	setup.exe
5628	setup.exe
888	setup.exe
4288	setup.exe
2132	vodmorp.exe
5296	installer.exe
6020	installer.exe
2476	opera.exe
2476	opera.exe
5480	opera.exe
5480	opera.exe
1680	opera.exe
3816	opera.exe
1680	opera.exe
3816	opera.exe
1680	opera.exe
1680	opera.exe
1680	opera.exe
1680	opera.exe
1680	opera.exe
1680	opera.exe
5128	opera.exe
5128	opera.exe
2916	opera.exe
4924	opera.exe
3080	opera.exe
3080	opera.exe
2916	opera.exe
4216	opera.exe
4216	opera.exe
5104	opera.exe
3836	opera.exe
5104	opera.exe
3836	opera.exe
4924	opera.exe
3904	opera.exe
3904	opera.exe
5540	opera.exe
5540	opera.exe
1736	opera.exe
1736	opera.exe
5148	opera.exe
5136	opera.exe
5148	opera.exe
5136	opera.exe
5628	opera.exe
5736	opera.exe
5628	opera.exe
5736	opera.exe
3812	opera.exe
3812	opera.exe
5628	opera.exe
4844	opera.exe
5188	opera.exe
2896	opera.exe
5188	opera.exe
2896	opera.exe
6136	opera.exe
1632	opera.exe
6136	opera.exe
1632	opera.exe
1168	opera.exe
6032	opera.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opera GX Stable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\opera.exe"	opera.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Enumerates connected drives 3 TTPs 6 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	installer.exe
File opened (read-only)	\??\F:	installer.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	opera.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	opera.exe

Suspicious use of SetThreadContext 6 IoCs

description	pid	Process	procid_target
PID 2132 set thread context of 1008	2132	vodmorp.exe	191
PID 5476 set thread context of 6720	5476	vodmorp v2.exe	266
PID 3812 set thread context of 7856	3812	vodmorp.exe	302
PID 6916 set thread context of 8056	6916	vodmorp.exe	305
PID 3988 set thread context of 4780	3988	vodmorp.exe	308
PID 3652 set thread context of 5888	3652	vodmorp v2.exe	311

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 22 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp v2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MSBuild.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	vodmorp.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
6932	opera.exe
4972	opera.exe
5128	opera.exe
5736	opera.exe
6652	opera.exe
6560	opera.exe
7988	opera.exe
3852	opera.exe
7872	opera.exe
5332	opera.exe
6760	opera.exe
6736	opera.exe
6696	opera.exe
7840	opera.exe
8128	opera.exe
7728	opera.exe
4216	opera.exe
1684	opera.exe
396	opera.exe
3388	opera.exe
1680	opera.exe
5188	opera.exe
3080	opera.exe
6608	opera.exe
7468	opera.exe
7396	opera.exe
7092	opera.exe
4844	opera.exe
7028	opera.exe
7068	opera.exe
7088	opera.exe
3816	opera.exe
3812	opera.exe
2908	opera.exe
6032	opera.exe
6988	opera.exe
6532	opera.exe
3904	opera.exe
1168	opera.exe
5148	opera.exe
7788	opera.exe
6672	opera.exe
6188	opera.exe
3988	opera.exe
7804	opera.exe
2916	opera.exe
4924	opera.exe
1736	opera.exe
6684	opera.exe
7024	opera.exe
916	opera.exe
7532	opera.exe
5628	opera.exe
1632	opera.exe
7004	opera.exe
7100	opera.exe
5104	opera.exe
5540	opera.exe
6136	opera.exe
4984	opera.exe
6960	opera.exe
6976	opera.exe
7056	opera.exe
6724	opera.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	opera.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	opera.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.gxanimations	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F}	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\URL Protocol	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Application	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open\command	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID	installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{BFA0CC0E-2904-423D-A03A-42C5F12CD208}	opera_gx_splash.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xhtml\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\112.0.5197.60\\notification_helper.exe"	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec	installer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{40073DBB-ABE7-4249-A750-FA2A50762637}	opera.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht\OpenWithProgIDs\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.gxanimations\OpenWithProgIDs	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.html\OpenWithProgids\Opera GXStable = "0"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht\OpenWithProgIDs	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\FriendlyTypeName = "Opera GX Web Document"	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\DefaultIcon	installer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.pdf\OpenWithProgids\Opera GXStable = "0"	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000014f5964d7e4da01323183aae0e4da0159e1c566ccebda0114000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\opera.exe\" \"%1\""	installer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Application\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Topic	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\command	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe	installer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\112.0.5197.60\\notification_helper.exe\""	installer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "10"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xhtml	installer.exe
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.shtml\OpenWithProgIDs	installer.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 700323.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1476	msedge.exe
1476	msedge.exe
4392	msedge.exe
4392	msedge.exe
4952	identity_helper.exe
4952	identity_helper.exe
5792	msedge.exe
5792	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
5300	msedge.exe
6008	msedge.exe
6008	msedge.exe
1124	msedge.exe
1124	msedge.exe
5468	msedge.exe
5468	msedge.exe
5344	msedge.exe
5344	msedge.exe
4912	msedge.exe
4912	msedge.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
1008	MSBuild.exe
5480	opera.exe
5480	opera.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1008	MSBuild.exe
Token: SeBackupPrivilege	1008	MSBuild.exe
Token: SeSecurityPrivilege	1008	MSBuild.exe
Token: SeSecurityPrivilege	1008	MSBuild.exe
Token: SeSecurityPrivilege	1008	MSBuild.exe
Token: SeSecurityPrivilege	1008	MSBuild.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: 33	840	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	840	AUDIODG.EXE
Token: SeShutdownPrivilege	1448	opera_gx_splash.exe
Token: SeCreatePagefilePrivilege	1448	opera_gx_splash.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeShutdownPrivilege	5480	opera.exe
Token: SeCreatePagefilePrivilege	5480	opera.exe
Token: SeDebugPrivilege	6720	MSBuild.exe
Token: SeDebugPrivilege	7856	MSBuild.exe
Token: SeBackupPrivilege	7856	MSBuild.exe
Token: SeSecurityPrivilege	7856	MSBuild.exe
Token: SeSecurityPrivilege	7856	MSBuild.exe
Token: SeSecurityPrivilege	7856	MSBuild.exe
Token: SeSecurityPrivilege	7856	MSBuild.exe
Token: SeDebugPrivilege	8056	MSBuild.exe
Token: SeBackupPrivilege	8056	MSBuild.exe
Token: SeSecurityPrivilege	8056	MSBuild.exe
Token: SeSecurityPrivilege	8056	MSBuild.exe
Token: SeSecurityPrivilege	8056	MSBuild.exe
Token: SeSecurityPrivilege	8056	MSBuild.exe
Token: SeDebugPrivilege	4780	MSBuild.exe
Token: SeBackupPrivilege	4780	MSBuild.exe
Token: SeSecurityPrivilege	4780	MSBuild.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe
5480	opera.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
1140	setup.exe
5344	msedge.exe
5296	installer.exe
5296	installer.exe
5252	DllHost.exe
5252	DllHost.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5252	DllHost.exe
5252	DllHost.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe
5296	installer.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 4220	4392	msedge.exe	85
PID 4392 wrote to memory of 4220	4392	msedge.exe	85
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 4396	4392	msedge.exe	86
PID 4392 wrote to memory of 1476	4392	msedge.exe	87
PID 4392 wrote to memory of 1476	4392	msedge.exe	87
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88
PID 4392 wrote to memory of 3220	4392	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed4718
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
  2⤵
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:5036
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:4732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
  2⤵
  PID:2292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:32
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:1804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:1
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
  2⤵
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:1
  2⤵
  PID:2572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:6072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6744 /prefetch:8
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:5296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8024 /prefetch:8
  2⤵
  PID:384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7784 /prefetch:8
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8132 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7628 /prefetch:8
  2⤵
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3064 /prefetch:8
  2⤵
  PID:5936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 /prefetch:8
  2⤵
  PID:5916
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5224
- - C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --server-tracking-blob=MDBiMDVmNmZkM2RmM2UxMDJjNjQyODhjZjliZmYyYmYyNTY4MzA2MDliOWE4ZjBhZjA0MWQ2MDI1OTUyMDQ3NDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwidGltZXN0YW1wIjoiMTcyMzM2NjM0OC45ODM1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfWFZSX1dFQl8yOTIzIiwiY29udGVudCI6IjI5MjNfYzI1YmUyMmUtYWMzNS00YmJhLWEyYjgtMjEyZjAxMDM0ZDI2IiwiaWQiOiJkMGIyNGZjMzZjMDk0ZGU5ODZmN2E5MWZkZGM5OTI0YyIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJmNGE2Mjk1Yi0xOGMyLTRkNjgtYjRjOC0yNGU0NmQ1ZGViN2IifQ==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:1140
  - - C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x330,0x334,0x338,0x308,0x33c,0x74271b54,0x74271b60,0x74271b6c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5168
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:5628
  - - C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1140 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240811085252" --session-guid=14d48508-fb51-4a98-aabd-732485160124 --server-tracking-blob=MmQ5MTlkNzg4ZGQyMGU4NzgwNzIxMzg5YmM3NTI0MjViMDM1YzUyMTA1NjA5MzM1NDMxOWVlN2M2MTQ5MjAwODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzIzMzY2MzQ4Ljk4MzUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfV0VCXzI5MjMiLCJjb250ZW50IjoiMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYiLCJpZCI6ImQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY0YTYyOTViLTE4YzItNGQ2OC1iNGM4LTI0ZTQ2ZDVkZWI3YiJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=5809000000000000
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Enumerates connected drives
      System Location Discovery: System Language Discovery
      PID:888
    - - C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe
        
        C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71ae1b54,0x71ae1b60,0x71ae1b6c
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:4288
    - - C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --backend --initial-pid=1140 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521" --session-guid=14d48508-fb51-4a98-aabd-732485160124 --server-tracking-blob=MmQ5MTlkNzg4ZGQyMGU4NzgwNzIxMzg5YmM3NTI0MjViMDM1YzUyMTA1NjA5MzM1NDMxOWVlN2M2MTQ5MjAwODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzIzMzY2MzQ4Ljk4MzUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfV0VCXzI5MjMiLCJjb250ZW50IjoiMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYiLCJpZCI6ImQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY0YTYyOTViLTE4YzItNGQ2OC1iNGM4LTI0ZTQ2ZDVkZWI3YiJ9 --desktopshortcut=1 --install-subfolder=112.0.5197.60
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        Enumerates connected drives
        Modifies registry class
        Suspicious use of SendNotifyMessage
        Suspicious use of SetWindowsHookEx
        
        PID:5296
      - C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff9662cee10,0x7ff9662cee1c,0x7ff9662cee28
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:6020
      - C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized
        6⤵
        Executes dropped EXE
        Loads dropped DLL
        
        PID:2476
        
        C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe
        
        "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x1f8,0x1fc,0x200,0x1f4,0x204,0x7ff953303190,0x7ff9533031a0,0x7ff9533031b0
        7⤵
        Executes dropped EXE
        
        PID:2084
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5556
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5792
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xed4f48,0xed4f58,0xed4f64
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8064 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:1560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
  2⤵
  PID:5392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8868 /prefetch:8
  2⤵
  PID:5852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4912
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\password - 4834 (2).txt
  2⤵
  PID:336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5084

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1752

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost
1⤵
PID:4064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x30c 0x4c4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:840

C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp.exe"
1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2132
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:1008

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5252

C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --lowered-browser
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5480
- C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x1f8,0x1fc,0x200,0x1f4,0x204,0x7ff953303190,0x7ff9533031a0,0x7ff9533031b0
  2⤵
  - Executes dropped EXE
  PID:764
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=1864 /prefetch:2
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1680
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2124,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:3
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3816
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2316,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5128
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3204,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3068 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5104
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3208,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4924
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3224,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:3836
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3244,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2916
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3252,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3080
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3732,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4216
- C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_gx_splash.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_gx_splash.exe" --instance-name=0603c28fa4a788d681a330bade7a1273
  2⤵
  - Executes dropped EXE
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  PID:1448
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4224,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3904
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4492,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5540
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4712,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1736
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4860,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5148
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Asus --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4904,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:5136
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Corsair --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4912,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5628
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Logitech --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4924,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5736
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Razer --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4896,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3812
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5648,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4844
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5968,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6032
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5336,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4984
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6384,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  - Modifies registry class
  PID:5188
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6652,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  PID:2896
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6896,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:2908
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7100,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6136
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7028,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1632
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7228,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:2
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1168
- C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --enableipv6 --bypasslauncher --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" --pipeid=oauc_pipebbf75761f34e48ef16427d916ed763c8
  2⤵
  - Executes dropped EXE
  PID:5808
- - C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff78bac9a0c,0x7ff78bac9a18,0x7ff78bac9a28
    3⤵
    - Executes dropped EXE
    PID:5000
- C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --fix-taskbar-pins
  2⤵
  - Executes dropped EXE
  PID:7516
- - C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe
    "C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff96007ee10,0x7ff96007ee1c,0x7ff96007ee28
    3⤵
    PID:7248
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7648,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6536
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7640,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6560
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6580
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7632,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6596
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7628,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6608
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7652,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6620
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5468,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6640
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6920,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6652
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7256,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8356 /prefetch:1
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6672
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8016,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8500 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6684
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8024,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8644 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6696
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6584,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8768 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6712
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=9016,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9012 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6724
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8044,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9064 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6736
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6308,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9328 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:5228
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7984,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9484 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6760
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8032,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9612 /prefetch:8
  2⤵
  - Executes dropped EXE
  PID:6772
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9660 /prefetch:8
  2⤵
  - Executes dropped EXE
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7100
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6620,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9808 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7088
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=10052,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7068
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8008,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10224 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7056
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4856,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10256 /prefetch:8
  2⤵
  PID:7044
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8056,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10384 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7028
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8104,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10556 /prefetch:8
  2⤵
  PID:7016
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8068,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10700 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7004
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8136,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10968 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6988
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8140,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11096 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6976
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8180,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11132 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6960
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11472,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7788
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6448,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:6796
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12348,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12652 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7024
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3324,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11388 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:916
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12868,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12716 /prefetch:8
  2⤵
  PID:7652
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12816,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7468
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12788,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12764 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7840
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12972,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12392 /prefetch:8
  2⤵
  PID:7972
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12976,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12984 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7988
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12804,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12280 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:8128
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13196,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=13188 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:1684
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12356,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12452 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3988
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13208,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8664 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3852
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8892,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7728
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8164,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7804
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8960,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12612 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6932
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11972,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11964 /prefetch:8
  2⤵
  PID:2116
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11968,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11956 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7396
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11640,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11616 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6188
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7920,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11632 /prefetch:8
  2⤵
  PID:6820
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  PID:4724
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6220,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12244 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7532
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12112,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:3388
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13164,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=13108 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:396
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=12880,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12808 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:4972
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=9068,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12844 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7092
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12256,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12756 /prefetch:8
  2⤵
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:7872
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=6544,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:5332
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8096,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:7716
- C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=11952,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11848 /prefetch:2
  2⤵
  - Checks computer location settings
  - System Network Configuration Discovery: Internet Connection Discovery
  PID:6532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7404

C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
"C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --scheduledtask --bypasslauncher --requesttype=automatic --scheduledtask --enableipv6 --bypasslauncher --pipeid=oauc_task_pipec12dca2c6d0f4844aad7502765c89329
1⤵
- Executes dropped EXE
PID:6164
- C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe
  "C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff78bac9a0c,0x7ff78bac9a18,0x7ff78bac9a28
  2⤵
  - Executes dropped EXE
  PID:6264
- C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe" --version
  2⤵
  PID:6792

C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp v2.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5476
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:6720

C:\Users\Admin\Downloads\granland\granland\vodmorp.exe
"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3812
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:7856

C:\Users\Admin\Downloads\granland\granland\vodmorp.exe
"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6916
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:8056

C:\Users\Admin\Downloads\granland\granland\vodmorp.exe
"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3988
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:4780

C:\Users\Admin\Downloads\granland\granland\vodmorp v2.exe
"C:\Users\Admin\Downloads\granland\granland\vodmorp v2.exe"
1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3652
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5888

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
8358092757b62f879cf39dc9274894ca

SHA1
e7068d70468359feb00884ba5e860b057762903e

SHA256
d72b634cd47262cf36febd296ba48f3f984f972da03116c3c0c16e94b7f5738e

SHA512
b46b91602490518f7c1e2517fc133c3a25408a635a06861753d89428c4e155ed48a216353af132e2989e4bfe6c79538cc17d669eee11cb2acd9dc6a01dc5e833

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
727B

MD5
f1e180eefd825535a1f0e17d3cd63674

SHA1
5648d7a9b87abe0b24696962fd7a232f43b946ad

SHA256
a2e4c97ef9fc4a9fe8ac8b8b815004c9bc7a4886ead24138057cfca7276156f4

SHA512
c9e835e181359d1972261798b7cabdfdaa5cb32db6958e22c66eab75fe081e171d7923d1ad1565a22fbefa3b9885d7154418357d52dbdf19442db709aa7f5e78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
450a20c7cd4725091e05210dcede2adc

SHA1
9c366f918cf35c368b1ed96ae81b1802c7e62dcf

SHA256
053aba9b5b9f5674d7cb90a5b1c16fd23e0dbbd3555de12cc09700cd038010e2

SHA512
b09294e63a634f43892adcb6a58b7f7d084024ff35b9d82d58563bfb674d647d61700ca33fec5c1414eac9f2c13dd1e6d77cac189bff05b375e45262dccb6b6f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
6db45199949f28cf62726aca853028bf

SHA1
f9d56ae0361fcb75dfea0859d856ee9d02c79a61

SHA256
889ffb3658e28c3ed009fd32a230b260dd30bc19b811022e83c28f047148ee6f

SHA512
3dd1cb9b75ce5d05dad2aab292196fda719814120436aeea67acf66af219e88bddc1ac41b8c35a616207bbcab39cdbaa1849ed5a3d0519ec88e766b81be84b7e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
404B

MD5
a33e0211088a8cf11dcd9ca369940e02

SHA1
06a48780f610c1abf22ca469b00cb3e14f8d2514

SHA256
4e461217569ad01df148fa4b4526c8a612cabb7493473f64fee8d1c15bca0682

SHA512
c2ff03cb96b11a4abe20cf4b661e6777ce36490e037f2f9eb51f3be8b400930593b92b7e154d000f59803e90765a2129f0d0b2f18edc9bdaa465f4dfaf71d0f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
dff9c984b908f19060138f322d97650e

SHA1
f92fe72052bd07cf63361caa804d26a09cde9f51

SHA256
03ab6c24e38818c2a4112f90d72528e7716785eaaf5c0f6ec406002498d5a55f

SHA512
456fd25cf9af2a18cfd451b20b189a943713c9b6c56bd42dfbea77bee2b8b8fb34b45e1aaaa999efd91fbce8f0be2cb51a0955d0c077e2e7c033f471cc3c8cce

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
7ff35c17b4b81f35d36b3ee8796e6283

SHA1
0b26f3e3cb3839199a598df29baeca2c360c4430

SHA256
145c4c994007c71b27256b69db3d68e212e9ed90f2516ed2aaf575f7423cc9dc

SHA512
6662b0cffc9448d2a67e917085c830aebbac852bd6bfca32fc36f0e6ce0760e1d7853ec872a1dddf3e9603b437fdade5304e606c62972c0043d9d1f57eaa3031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f031510-f235-49d6-b208-54f7590bbb0e.tmp

Filesize
12KB

MD5
2f0fc21b682c0c58c59ba4fed967b751

SHA1
4a19aa710287442d35623eaf5afdcf4b00555221

SHA256
626d80d70315370f1d2de407d310440b1944d824a94eb6bd316ba6fe3860c120

SHA512
d198c14a00aa963a60f233c1c30986bc04bfd564be500c6ee996349910bf5092039c05fe71feb36fe79359d7de2d8bfe2635205fcf4d5facf0f808e003fa4795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
51KB

MD5
5a7091bb1c4982bde3f9d3901587c11a

SHA1
2c990a8d38797d5dbcb8322219fc9d828aeeff29

SHA256
41c8fb1312e45d8c38f20cce6e9b922f39ad22728366566aa135bfca41e8e725

SHA512
1a8628e84210a47deb5d626d0f3c3ae39113e72a71df7ef90c6bcf857cff336248bc2a07a3b9be4cc66bf90587636dd34213eab52ac27d273c74c6005b3f7e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
42KB

MD5
c18ac29cb1e1afeda67dcee7b8fa497f

SHA1
2e2fca9619705de092131991d0129594aea866e2

SHA256
f5f3e3e947878d45fefe0b0a2f895a13010d3121eba5e9d07bd1d79e01ddc3a0

SHA512
5dcae0c20e115715b382792e9b6293e644d44b644dad8a2960a9815beca0ba1ff2697118d282580c473643f97442b61380bd59a5ff92eb50bad11e96dc81a48c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
71KB

MD5
27dea77095206c9648b3bd235a71eb87

SHA1
22ed7e82c7ec8adf40e4c75fc82efe1562e6e541

SHA256
09c5ee7cec8b9e8dbd7e8922bd001538776433b607058c8de389009cd95cdf1f

SHA512
0a00bd2c2199622cec0d871b4571cd52ff02e2365386b99132184a898f5e744474baa7ec5259591e077f36eaa11f363f335aae452f73dfe92c5d741a53d7c05e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
83KB

MD5
e1a619dd21d4a5734f261b28aefb3ad0

SHA1
20b42c0d579b10561fa12f7f1a89e30b050883cf

SHA256
18fcaaea521bc3918e08df85211b453a8db292ed40ca6c40f2cf44be1cc27b49

SHA512
0cc35722fb02203f8fc314e76cfcfe49f5a0d4586d25c8ca5b0ec50ed703eb9675f0fc030e65ac9180a97dba9258c447063cc72d66acae577164a8702a5baa1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
210KB

MD5
48d2860dd3168b6f06a4f27c6791bcaa

SHA1
f5f803efed91cd45a36c3d6acdffaaf0e863bf8c

SHA256
04d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77

SHA512
172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
21KB

MD5
660c3b546f2a131de50b69b91f26c636

SHA1
70f80e7f10e1dd9180efe191ce92d28296ec9035

SHA256
fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9

SHA512
6be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
108KB

MD5
ee6ed6a06919eebb03298592f65039ff

SHA1
1e68a260c2da0454164ef4c661364c47cb358d0a

SHA256
3593226c57f4917096874fbd89bada5d4c0fda78275f8d2c635035d725ed8946

SHA512
9d4e1f5ae577587095e99ccc2ccea7f47e9296b88990fdb6e423058c4d35c103444af2e074cb1a5a7189c39f28507101408c5a7b8fb160664995f7bbd2110cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
71KB

MD5
5009de30b5dcbc412f164684b0fa7be8

SHA1
7ac8b15e248af2258ae74370ea9634e035c94d40

SHA256
61ce8e16e0dfdaa55dddd2aea78bb3af234efcd3da0a6f306f09a6bd49a94e4e

SHA512
246edc05089c1efd782c17ff852283294757e157545592b4e452945bd8d73d91bb0a812fa40fce104c3cf6ef443f5f413bf08adfc889cb92794c5c33ab709715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
18KB

MD5
5b05c1892ef061103f9261eed226d18a

SHA1
67dd2c1f7b30dc8f168824de806690c8c9a56c03

SHA256
523f1da16cba73874fabe71437f268ab798c8bfdfd2bc48aceb38b1beb84b4c9

SHA512
9721c47a81ba89567f32ea72f2ab870c77862a93258bf249a6993344aa6c711496e7c275594bc0704362e9e2ccb5274be207fcc5bf6c354c84c0e5adce6da3a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
42KB

MD5
5fb688e9706c7a8ed06b9116562e92a3

SHA1
c8407911463e5a0b3922f2897b8eff39e5bce991

SHA256
3784eb62c70f2a03cbbd9467b0c997fdb1e3ab279a1ca0bcacd85580be308a25

SHA512
b759ff970b22c1b565e0443bf26b413efd6576f09e216caa2be61dabad512bbc4809e7ca8cac37ce95b66a9122755da09235eb041c858d80bcf5c270cea57982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
36KB

MD5
265de96d25dcd5db3f1b208beea2fa31

SHA1
508d86b66d8c2828b8dc1c09b8c55c0760eff04a

SHA256
7cc0d250dff99f4b003c15d1cab767a6339f739ea0b84ce5233f90614bcdf470

SHA512
0081d6285df8e9bc9d28eb1bb340fd47f5a0e33b050dcd100c25a3db68524f5016e4fa15e4ea8cafd0ec725f781f9d03ff39ed5cad3065f05df73ec42f87aa45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
16KB

MD5
e6c49d75229345fa60077f9602728408

SHA1
8f3d3afbfbc17690e5baff9f108a34ed73d0280e

SHA256
829ed2913a69d844de51d39f0def959a9c040f5b3eeb1bf593f7ea42334e7da7

SHA512
afa93a62ab1c2cf273f960aeffbd98f3e8f183004884dff96ef474f0ae29ed2e943c73566eb8d05d70f1bd9c12aa020077700aee07c6a57eeb6f6b3f7aac2344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
200KB

MD5
f6504f8bec86212dbe3e1b19bf842bde

SHA1
40b5239d845b3123540acfc77af8273a80df74e7

SHA256
b25f2bd14e56585a4a597c65553c84cf9e45756c2ecb364dc9eccfe68627da9c

SHA512
662a38b7cc4fc3eaed20643adf2a435aa5df92d61a3191fa23ff3ef1191ca04b6fd6226fa09f55bc1e1eda66baf05ba94cd061b40769ce65a627138a8564b45b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
22KB

MD5
d17ab3aff0d966473533740be6b40946

SHA1
0fc31ae5802200d696ae8eb77d7f1b4e19d90efa

SHA256
9b8560a698941ccb7d57426ed5ab016fd4103b99285ca5305b40464d982bdbf8

SHA512
f5164e69da2ecbd94369b4f5d83c9bb0de149cb215a636d7080c01af0cf4ae240939f2718db0afd2d277101fbb0f89669e82e33ab9e4194935fda11d64b0e764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
54KB

MD5
374a181ef5b97e4244c5ecc4c26949d8

SHA1
583d365409ecb523c9a0c67a83942a113a63553a

SHA256
15eea16423dc22889815a20f41a89df2720235d6f9f030cd3e37c6e0e7bda046

SHA512
2975b75b1fe22db9b31a36aea91d6564c5b5ba437b1a67442e5e693c9c5be25bd176adef16b0356dcc1fd62985ce54bc6d8a948a83adc867fb95626c632c950d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
31KB

MD5
2ddd72850aad734df7efab530d9a58c7

SHA1
c08f8ef118a8fe67cf885bf95a5e06071ea3b313

SHA256
b7a4aeb69c011be9ae0e8ee11d0722fbbafeab7e8e2f5bdb1711c7c9ec6f21dc

SHA512
10c8a0dc3babce43d927fa229383c9f7d79b2015639af10ea7413e434a4899f86d22e9c9224841f73de90a61c1bac7db99bfa0b198a3280a6fe9328fbdc8c769

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
51KB

MD5
8237d91cf9dfc6ce83cfb7588baefeb7

SHA1
0d950cddd66d3ace9e8f937041c6217f9da75089

SHA256
644414b8ba6747f657c5cf5d12335fd6b34fd249b04771e2b2d023bad64ea1e3

SHA512
f3d6dd1f3d84ddf9936e6a8ae808ee3d09b5f0d5b7592949150b7a1ac8157f651ace88b3427cc0cf3762536bb6b0be55498af43172506a18159c422ad3993de9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
76KB

MD5
bee475ccb0f67f3f53faecb4bbf32491

SHA1
f5241c6443e55d47a85ff08696db1c2d1c716db6

SHA256
475cdf283c638297604fc65ea9d14d21a408102c78df8e90d70f210991a25269

SHA512
8439cea82cb639c7a11287e1da8c905801804e3cac73d9e9c7942da290cdc8443dd8c5b3e25bb7fe009b2c6347ec6b2cfef84b1a9773701114a485221a0fd1d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
142KB

MD5
3a906c28a1dcc31a08064e5fdf07671a

SHA1
bf8d3f85b0de7061bfed1500b9edf497491f700d

SHA256
6c66111c5ae88727d30ac5eab61f8ccffdefdc3c44b0c39387add48fb1205261

SHA512
e5b53ed9a830eabe3489065a7c2374bc68764d17385570afd22af41d94274786d19151f87637768608bf64216a8642772fadfba5d3ba7516867f61915d0892b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
147KB

MD5
2ffa40a18e79cdc8e4de8109a647f37c

SHA1
9b663751e7ef29ee8a46e40c565e47f02bd60779

SHA256
d40c5f48fe21a5206cfdd42cae37a74cf2d23f1f9e54925e7d33d3acb0df246b

SHA512
e816903ac4ea642991caa2126b743f7009b221d99d80f4516a953c8bb9ac208ed58a7c1c99c78ef7685e43eb7ce3362dd416176ddf73ae4c920047822d18f061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
0c4e029571dc182bfb39161f25531f06

SHA1
77b38d4a247b63881e7b9be324979c203987ae4e

SHA256
fa5e2241e03bf7f6357dbff6a4716e4fee8b612fcb241ce68411552ba643cee1

SHA512
51501b8f4caadf0975eb5d1b3e193c3215c3b0706f7203d9173c8bbd3149526e9134b8b87ebcb0de6f1ed44e9f735ea3871201ac476f99e463380fbdd39ec7db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
62KB

MD5
6b04ab52540bdc8a646d6e42255a6c4b

SHA1
4cdfc59b5b62dafa3b20d23a165716b5218aa646

SHA256
33353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d

SHA512
4f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
31KB

MD5
c03ff64e7985603de96e7f84ec7dd438

SHA1
dfc067c6cb07b81281561fdfe995aca09c18d0e9

SHA256
0db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526

SHA512
bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
20KB

MD5
8c34c7b82f4668c975defa63ea3c9911

SHA1
01aee6e4857efb1898934c58dfbaab60a9bafb75

SHA256
6fddf44c880fa4ab45d21e764fb4371c8820b7b1c49502ece0fb5e1eab95ab3e

SHA512
7b8db2103dedf6b36759771c5b0451d6e2feb8ba889a07f1dbb869c229739e4343636ab5fe0bae8ff7ae5798d533caf3e408e34b71be72d0bfdd076da5a6104f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
63KB

MD5
67e59a06ec50dcd4aebe11bb4a7e99a5

SHA1
5d073dbe75e1a8b4ff9c3120df0084f373768dae

SHA256
14be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe

SHA512
6364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000073

Filesize
330KB

MD5
cd6db4ff06ea373947591ecabf4b729a

SHA1
04cb4d72f9ccd171a67826710d37ad4bfa51d05d

SHA256
4f2202f557c32bbc6279b5b5bf628142f4c5984438eaccbccccae16253753710

SHA512
1ab3cf1749ac327ebd7b92081923fed011b2145326ca30ee905e89a01594c9a3041274029426fe1f4976393cde515b2ef0dcc40c54098da492526d927458e882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a0

Filesize
25KB

MD5
42e84ebcf5470237abd1f9e322b751fe

SHA1
a828a45804554507d9e8521c36109e8bc3d5eca2

SHA256
a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1

SHA512
36606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\019d192f95b325f0_0

Filesize
125KB

MD5
4ec22168658af01bf7fe3eb0ff0ed505

SHA1
071b915eeeddfdfdd733fc51fd2da6ea4c884c96

SHA256
e342060eb7b6b14cf6a20cfa6eb866172c001f4d30c4113b7b2993e4b7821412

SHA512
82e3299c5888cfef5d7d8661dc84c769724ee77984c4ce7665007fd53484f14f4c37913cf82d195aee6fe6bfe5a154c167213d928ceed416c0d6cd338b65bc18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0707e9e3705bd99a_0

Filesize
281B

MD5
f59983cfb94e5da2df50ef0adedabfed

SHA1
fab25091a4f4b34de12e2979d75f53f73995b62b

SHA256
e8592828700f756b894555104c9f03574eb84c1d1c64d4397da6c827f7d3a85f

SHA512
369abaaffb9c1f2b44e1e53ca0144004ed8b025efb6706ba855b44103ca5eca7c92cf8342d1c3717b3071372d13acff80743d29367af3f31760cfff978e25430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0fb3fee1ed5e18e0_0

Filesize
309KB

MD5
03bb8f36003734309451c82f9f7d1841

SHA1
06bec03fcca01fb310b023293010a282a0975725

SHA256
0041256b703c7f7ff35d0f1f67d8c360f39bb8edebb67b091647d28738795f95

SHA512
4291012e3f32744d5e857303268bcc06db6188a99d7186727d7e67844e3bd317a7cd04f295881cb9bfe56bb39ae2ebfd5ce7ea94e629573abecec2d7e672b9f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2b2e72f8d3fd7e5f_0

Filesize
158KB

MD5
d9d619d4e79cc134a9cb2348ad7d09d9

SHA1
584d15fbd206ca45ad7ce7f3cfe0858b88fd0910

SHA256
d0e756734c19c5d0bb18771470b99fa4cb05bd21de8914c2321591fe68a32ebb

SHA512
1dcf621c438cbd24a12661eb52792cf135cec06127c24fc4240678347e7731d815b9e3af730b52eb6ddb7bb13c6d13c8dfb6155d15e45ccd2e257c2bdbe02636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\2dc7a0e20babeace_0

Filesize
261KB

MD5
e40ff44c2c70085cfb718d55e89ed588

SHA1
0a49786325b330f88a4aea5949e26ac7f2882e70

SHA256
47ef9559dd9b9c49c6ed825cabac87006134c6dc28b681547bee0de470543da7

SHA512
f9d95fc37df7baf72fbfb9b40c8d18e6e14b68141ff361de2bcb7879bac5b62bdb28f01d0d828b443d5b8fec9df0db942a24422a7730f2a817407c32bfb176f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\30ba8ad9d98a7bb4_0

Filesize
325KB

MD5
3343f9ea3b46403a090dbe53061667d6

SHA1
5326d239719beedd1992b8b8eca85aa5119300eb

SHA256
5ba259e4f6836f6fdb3e1e3935b1225bb1915437900be2cfe446553b44bfad77

SHA512
c91aa2a12f169ef76ee2e7d2487a7cc52d2ed59070c17897a720325926e01c757300bcde506ec09fffa9c254bcca0048d77da527a213f6d34bcd0d769c37a9c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\481963cd074f1a48_0

Filesize
268B

MD5
af0218440836e4f70a96d0c9cfa71367

SHA1
8e54546c1dbd335d7270bd103b36b512c416d2ac

SHA256
f569ac7d47f2fe0a5261a1d68b069a4ff672250668d4ddf448114018b35a2974

SHA512
7697ea64db87198d25687c41f43fa1b37b9c73e3826af8ce1f710b385a0583b0795256c248f18f07a8cf8671ecaedcbc243b173e41f03dee9e7b89ab68c165b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\56d6f409590db490_0

Filesize
54KB

MD5
9650258496d98be8f14bbbc42b88bb75

SHA1
de73be2789c5be13f1d7c715c847faea432c124a

SHA256
f718b255a06617300e144d416677a76f32a3b3d0fd3c1aa9f2cd8801bf114dce

SHA512
f45dafb21ea5d78b4a30c817484afc4dd1ea3855cd34b4ef1797ae4bae6e1e513226eb36213ec1368c02659808a98b8ed537c410f0a7756d02d941fc470673b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64223413fcd8d885_0

Filesize
261B

MD5
9d770d1763eb23211aa925bc89ed5cd4

SHA1
f5bbcd5117ee1a5f4bc1576e25e09807653a9919

SHA256
2a4a467ad4ec53d8e0b5b95aa2547aa158cfb7cb1e50fca9782b236dd13974d7

SHA512
b0c6b2c76861a15037e739b2ebe8d929e415028e53f8d48be4ff2df9cccc6369756d967f4a095fbda4be16caef6fd54984262b5ae62a24f6692f728827078bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7a8694aaa036738a_0

Filesize
21KB

MD5
4030e681467eb4c0c9b000a2c91555ef

SHA1
72e2efea6284348f18162c31d922ae353b59ec78

SHA256
16535cbbbbf843162ec7db00db405f453dd95a14034d68013116986278266958

SHA512
526cd7db99c1c116881d34ff4cfae60702b0b3bf947a4bf96eb625e1a0cca5f4ba853fdd2b0994ce18c268cfb4381fe69ff9db77cf16e48f00b5832774e698a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8da788ed8d3cf1ff_0

Filesize
264B

MD5
92de896e1dc0102004eb5bb9d676d788

SHA1
489e02037158944448ed9a9d874031c32d6d02df

SHA256
e6c86ca3615637a5e45882398092569a72e1bbbec91ccb39daba6404ff15571f

SHA512
afd5d77d0c319c4860621a2b8ac12286c749f664987728cbeaf9aef5b841f963c1273e7327384d078ceb00efdbde097396c99dc30ebcd16916176c276c4d0598

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad32909092a0a631_0

Filesize
516KB

MD5
bedde1a560718976bf6c353224ffbbd9

SHA1
0903c0c8fcb26024457911416c2c8be9bdd91475

SHA256
ab2f096a13f61956ab1246b53e8d8bada5fde26d87e7477078f67f8a106c67a3

SHA512
d9354e38029f57bbe01adabe7d4dfee2edfb0c6879cbf582fe065d0ba9fa76fd107b388260cfdf47753ccc31fa4ece704cdfe9cbc039e15d21883b94da53a877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b13d9848aa9ac2f2_0

Filesize
278B

MD5
45f2016f091b17f5b433be331d1283c0

SHA1
f528d45693c7e34b8c2aa96934d67cab2cd8ee28

SHA256
3eb66dd3d660e21603f4c5c42c5f94094b788fc6b3b533a72ddaf0923eedb626

SHA512
5ffbcc21523e8afcda827a5c320fb54577c19b5d2483b951612c6e01239bd88a8fc1a54ac8455617e2ecef88bb29c8c58215d18f8ecb5bae754665ba67f3be82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b41c96b8ec769b65_0

Filesize
263B

MD5
efcbb7f7420623c75f3f5bb3a99cbc1f

SHA1
1d3f4bf6c210b78210550f181a9aaf0a295ca33c

SHA256
7d18fd316c32365e1f3e039b40c3086f89516b953fe95760a7022eb0c47bd2ff

SHA512
eb39e3105145d6498ef527eac487925b78f45467e5cbea416c9d2a5900324a39f911bdb80947ae9e85e1f25dac113977c4e9c02629d3773dcd1c5f733e68e91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b4f22261d9a7eeb7_0

Filesize
85KB

MD5
f700af0fab19767d1828248ab12fda1f

SHA1
7a5bbd1eb5af63eb52a9cd9df2901cdff933aaf8

SHA256
ffcd47a3ed9c57b744d109bb13d7524de7aa95970f84dc36e27b5675de04c36e

SHA512
46c0205970d08832a479482dac49c8903ffb7a1619303f8df22fd85f483dfd0667b9a7b43ea200411b0cb7164de56018112891ce4f5218968a4ae31b66410522

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b953dbf4921c7eb1_0

Filesize
3KB

MD5
fbfde266e9e4f8b0b15ef71a886b9b22

SHA1
75aaa68721178ac8fa2c28ac931e5ed6b1b4a515

SHA256
4693f51b3e3eb10bcc05141655a60bbd058c5d2d317460d3ebe8f670ce209bfb

SHA512
75ddf3aec2911f52c1dcbed92edbf9472d716af968888e8aa258a6907fdbebb0bbc173145c28f8f1672423ac9439390c11ce80390e94575fc4059882197a56d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c3e7efa539f7c8a6_0

Filesize
239KB

MD5
471633d008f8c93312fc521a46df1c6f

SHA1
07c3a4b6002c10197b3e2905bf9a0d37bee4800a

SHA256
c4231d80304b216b8b8f1d39ce639a0161abc8c927c5e91deba85ae8983abe0c

SHA512
2e3aed909f9f6dea9d23a259b0672a7b29c070864d5bd76f122353a92a675bb0df2b5c2af5b28b63fd07fd524b99bf1e2be7c4c56fda050ff44c81b2fade0be1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c472784dec098560_0

Filesize
14KB

MD5
fce7977e5a1b29c019fc4b19683597f6

SHA1
bd2bca806fa83c015b6747605c5d319cd92478e6

SHA256
c1b91ca1ad99c325358ba4e34ba73bd967e642b7bc54c5c05c5827ecaf4ab342

SHA512
8430bdceb4293b04d092bec16ab6fdf321398d31a20c25eed0ac7ad6ecef82bc962ffca0b6b80cea18ffdac4f891d46d1d7d8ee3893fc9dd79af5cf7176fef54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ce25b94a8d32d720_0

Filesize
54KB

MD5
ef30c6208803720e3543dfd4c1f7dde2

SHA1
2c257ade37e5113b20078603023fe12a911056b5

SHA256
c2d8a9cd7fa32d2840b723a01a378022e14e3bafb6e643509cb1bf0a2f0cd19e

SHA512
11562df26e3addfce0fe5518898d588fd08eff28ff214dbe0be945e24c2698c57b1884362ff28743e796f56d16178f1e1d60974ac1b8023e2fe1e004bfb192cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2dd64a649140650_0

Filesize
253B

MD5
c516a9e7cebfd9c220d2b1ed6819263a

SHA1
810215b50171c1b3d393bebca93a404aaff77ef5

SHA256
86f9d631fbdabb825dfbfc612c7c77bba274a4aa9d97f56fffeb980b67f39817

SHA512
05e8dbd774a023c9f85920c4809e0044942660b9c59efb5b3b53c6ef357e695bf5725fd62fec2fb34191b0fcb390035a31dd9727de594ee27da33419a549b837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb79df2682e5b018_0

Filesize
379B

MD5
21f70bee8761d68f68800fe97596837d

SHA1
4f0cab7a815c354dd6da92c258a2f09b39ec913a

SHA256
7066a6fdae68d3676301ae5967f25c0295644624880f0c45d087b3dab216a89a

SHA512
0851bf7910136bc751ff3b4eb6f58327d3ee68121b366e50d3270390b6ca6e7d98e4b5aa66b87d5ec67f0697f873ee65dddb646ad8742556b87b7610961855e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
579ddba940da39c1ca52686f5a9e327d

SHA1
37cadb4f71eddeb5d0f61a04d80d6921315f390f

SHA256
71793561341d6dd9894dd7b42002c2072b58dbaf0c904c5a3ba641c117de26b2

SHA512
f23d6faabe9182589dea2d3337b036efd523a9f77eda76aad04151a61393c7ab59c66ef4d8cc97ea579328edcb8a187fc54488d7deadfaa32e3ca42111086b82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d047bac3be0283a423dc4e0aeb800751

SHA1
7e992ce8058f71b814fcf34fcb47e7d4904915e4

SHA256
7a76221c63eb15b2ca1cdaaa41454b23970d86deb382ba7515a460f4e884229e

SHA512
f0dae71a66a5f7e29c8c1091ca59be84eb7077d89a123249b38903bcc8ca476be308b435f0392076b7d7c2c2a9f0a1a57385dccbf801ca353d6fbf291a56f9a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
044da98d1a024dff05e7628b7394fb33

SHA1
b38938654fa61f67b23b2de9fe10dd2bc5232799

SHA256
a183b699a0322084e34cab07d9fdebdcc3ce3e777a63d7b40d18039a81549670

SHA512
49460a5d1193e6d0c121e6c8786b146de22c8b5eb77cce12bc812c5755fb04376843a066a714af1d9ba85af847562f3b6cceb41e269767425734c5db2a132402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d1b5efcefb1f5d3c1de7765d1808da1e

SHA1
b56bb5232ac3617ff969efc074ce1ee88b5841da

SHA256
6e2571df4aa5826bffadc9f481101ee4b94d53ecbaf26d4976ec11951e7fa712

SHA512
bb2fd363f7a1bfa9075b0a5813f66fdde9b4a75c4b0ce10069070be8f99c3bf539e2ea011485b8c5aeae8c6cfb87df6990dd43dd1185aa76b8f4a4eb3498beea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
9882784c3e5efc74291432ef82d11b26

SHA1
4bd0780a1ed1da9000418da7e7d9851057670041

SHA256
c96b5d7090de826a8fd0d5d7dc65ca4d496385e33c925699f6b4b8ad8624a271

SHA512
c4bc9f5197ec011c1299ad221ef954ae61481956a33a3bf313aad459cbb216807c47fe0bc255a58caba042d0e9da626e1028df723d550717197c84a0093ac51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
b35fcdf144862eb9d56c817c13af39f3

SHA1
6c3e4289598dc7005afe433a6c8db3ef667cd9b3

SHA256
ecd4a473fd5bc0872d8569c7b58a80b8c553bada900895ead506c8322f6fcdfb

SHA512
abb6e15e31f4abac01f114a529b4e8f270008a00caf061e48896e5e7b9f3a3deaa392f6c49c3ea5a8b49c9479d4a8e855db8c8e0b094862ef38ee9499b7b452d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b101dfabf9a838f1daaee19ecc5a4bc6

SHA1
1204415ec2b12cbb2481147463f651d87c4deaa3

SHA256
d5632fb2bd929282b66550dcb2199b0359a8c6dee08ee6ac98abf3ca9edbd4be

SHA512
9ba66206bd4546344c2bce915c5dd788938023c51c697c3b376eba47b882078c93d2300b57424fa58714d8a315462db9e44b91590bcbb511b03129acdf418cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a083900cb05e08d1a805d876beb8e828

SHA1
a7adbfb5b3d73828200e5a66fb6bc9dfb9c2921a

SHA256
08f750aca663c13a52963afc4895242c884f1504563b8a1310ed0248e4e2d048

SHA512
238353d3a042eb4d85285f56dcac049779c90a7f68a02bc4285a84dd4eeb0b0e4e081a1cf0d23428d28910a0db007cc355717add6af37b857ccc1b4dd044aab6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
2b180cfc838900a676df0ae142110713

SHA1
a4847bb189e59eb05ff2ce39acbf816124dbb11e

SHA256
c0f0defd66c85a092280afc4a9f0d0a9d7a65e3969783651be9d16dcdf3e783f

SHA512
1e5f1342be134387363aedfb536ce49c2dab0cce5f51f79028fc6f019cef22e3878684102dc7db1a2bcb6fbdb5b3f83ff4219c4bfeac5d0dc0564df2ac810940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
0aceb147c09d1d647e0df8e5342b57a5

SHA1
9bc7cc144f4533ecdb3a4b8da6c8fdf132f6dd08

SHA256
4bac41f3411cfbfb12b6ec5a0ebbbd55c337a123f73e899152809f7d94e9337b

SHA512
f3c4d616565b4a74b83d128fb5d245879678fa06dff4864fa04430ef7b08ea07d7cf18859b6db7c018c0bbfbb3a97be9838f4bea1fe634128bb32985dcf0e72c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
82fb78d1f40926304e796006be5cdae8

SHA1
c9b13aef46f7edbb3a176832e0912ee71dfd36d4

SHA256
1017a6c66f903f7c313f2fd25749297537bdbb6fc297490abce353c93d6559e0

SHA512
b244ef197b9d8c3b1d36c598ad076a8416cb7d86405d393b4b52ebf1b62db50a2a15e8c38385617122393d183f7e1c20704fa756fad367cc83304dd889680987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
14KB

MD5
745ef7460edb8403b73f160a1aea5ad6

SHA1
c711431cab85acfb75937011ebd96a9e3d7c6694

SHA256
4a4b01746b1b27d341d95bdd8dd6860769717a98b28acaf1a6e3a0b3501d36dd

SHA512
9bc25d28f85d07341dfb0297781e632b5817fcd9cdbf277886338d4e7759f5540e12bf4d5458a9da41b5955fdb9e4f1d3bc1ff804c4c7409752522150c5ea0b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
f2ec2e86f09332c6dddff83eeeb4dd29

SHA1
710e6761c5935abbe9275a2f81d84d282c2656c6

SHA256
bd67aca369cb61d9278df8cbcaae3112044b620a918b9059e6fb7c5fb0e1c739

SHA512
8eff5d61eaf16e049d096cf34e44a635493a3bfafea30158fce92030c294539754040debf9f23f56871e2401f39a3a278b0457fde3a5526946f68d0834871ba1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
0c66cc8f75595e64c3f202ae111fa4e1

SHA1
04b0a424b8e078cbf993fdf3a4bced394d70c1ee

SHA256
3e915933c108d2c4b33c3bc385d85247cbd8991c793e5620b77d63c106dc99e6

SHA512
ea00ce441800174215023b7584700e0f6bc0d4aa7831994e3e0466d4b592c117611284be76310bc4b8d08fa141124d3c5a71751a851baa9e9e3605782cd0e011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
74c1838ace9ddadadee1ee093d014ffe

SHA1
f6548984511270a3f2948139557e37dcb7df132a

SHA256
9753104c311eb5b7d9430bb860155856b03180184cffce9e32971ec1fd3262aa

SHA512
2e5b807923e8df96ab73597d149a4cf0c1567af7f48a0db03f72ec1f849017b94ddc0bed060dd2311216aa67fe193052b35e75ea618b34f53caeb516e73ef8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
1ea24d56e981eaaa492e8860a1083b62

SHA1
4388b6b215a8499cdf41e362675aefd4a3f89b76

SHA256
adb6132b7375941b7aff2590be382d73a62ae7f2ea02d8ff4f737dc6bd5b9763

SHA512
a215ea9a8fd7b66c9e5e6979668d351c2f31f08edf60485ed5fe8c31665f53ec4e1c746d096e53e5e0510803b79d0fd0a67a5bf6af606155e48a16bcbd1e42ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
353cbfa2b87af26f6ae0b558ba466a78

SHA1
0ef76e2b3d1eb1745234aaa5b31dac8be26ba9b7

SHA256
7f5c167bf5afd65092be809499f5d870649aead38efd323f466b9d9711555846

SHA512
85bc6320165d81a20dc4de7e556b42dc3f167e96f182fe23109d78c33c87c092670029ed8d43549e0665a2a56a2d9584162c75f82172777a5dff67a39a652d29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
9332ff06e85032455014b96dfd81cb89

SHA1
98c949a83bf3e640218d0eeaf47fcaf124f66b50

SHA256
57764c93f680cde5868a34262700f4b45015f5f05e1a9c84c90521725af4d53a

SHA512
62a38ea52789c6f0b481294d1825a239104c8ac2ab9f1c496869160cf738639df6d6a16781b5548d95ef8b34718ef25f58eb597c81d3d0d646ecc438fcf39a2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
aa5ee857197b30720f7a0765d3b4e819

SHA1
9efe994805315fa8db798bba5ea667e281c353fd

SHA256
436cfb0b4e42bd6812bb1bec170f48574bfb87aa9e95695a1d24fec51b75d6b5

SHA512
ef4f7d93b0fa9df813f1e331394e0e6fce6bf7befe403debeabc0a715c10279ac6f9d445c2bb334eada332456681f0dd9f54ac69dd7427e0e7bc7c0c590390fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e11ffa649f9fe70bb81a000493dab30

SHA1
f6d0db620cb728dad3a0bd9a500d82af36bf2ce0

SHA256
90f47836eaabf9a8af53af9ba5722a70ce49b54338e89d37b1c05a4183754c6a

SHA512
845de21ec4eaf70a5b4ffeaff482d4682f073613b4bfc06e1580b91fa46d66d51472b034c3726bf08b508ae2269bb658bb3b1762b349e1b272ad4212e6168f6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
a2467f6f0520465591350523cb47e569

SHA1
d070873e487cdb2fab67297e6aa865562725d9d9

SHA256
0d4d19add2f9dac790ffe35bbae99d79634466b08482381b4b2981a863b56af7

SHA512
2f9589edf3217f4d93f72c693a2ee26fde17fcb89efac761f537d7cf4a674ff3c90c89bd73e18ab6ab41dc1ad911e2612123a5e8e65b7e44c943b3715a2cb2cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
5b9ce51f9b8cf4c83a51307bc87daeda

SHA1
128f843ffce23305bac6df2fa76db4ede9885420

SHA256
3bc99338b0800deb617398052b505b4443072922de65468ff7ed0913b6f67526

SHA512
86d6ec48c619dc2fe9ad2e96c8cdf813b8ee8b2dcf9412f0d17bab024454282d4399771400b97d8597ba11a7363afc923566a49648c14c3a8cbcdc1395be77d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
b1562bc6a3a52bff8e02b867ebea32fa

SHA1
09512e6af99a201484cb482d71c84ea7dca7fbaf

SHA256
7551b98b336b8e1cf0a33d6be9daf2d789ad0be928ccbafd1a07f42deaddfe2b

SHA512
b203e6397e8f6598dca89b58f0e961bbec9b51d6bade024cb39f64f82443d5b6eca3cfa0e6dbe5e2d466a43eb62b588e85f55e5cdd9596e5b20d178043b9b0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
cdb8c84198b5a57b03cbc61416fe55ed

SHA1
b8a680d84d736f7e3ee0ff592dd6555535833660

SHA256
ac9f0788f3b88cd0fa9be93ca179f25dff3780559f866ccd329c2ecae7a0768c

SHA512
67c9102be90b362f40a6082bb4244d945f00cb60733148c87caf4a911a2a0c8281f2dd4a43174b9d6bb8555997df3bfa21c1b8ea6a862e4371e8b2b2f127a501

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
b9a242a90ababbc0b3039eb85ce98028

SHA1
1dce6e2356abdb4a8849dd76cf8782789515b5fe

SHA256
039688089cbe21934ea73ff93197741fea036123a2bbc85f15c0301583ba7efa

SHA512
052c74f16c6b7d99ac8e8457701d8e5d40ed51fcf3b4d48a1c9e2a6f48712a7812be4fb3effa6363029904e41f2f82d35107f9431e24f5384927ea0af4978a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
94f03ac8004fa81fb7c4b94795db055d

SHA1
b928affce6a508fb4eb83ef94b46a27f995381ce

SHA256
1a1dfe8f613e6d16cc6acc0e7bc494c694141032f4b2be5fae807b3dd6d1dd99

SHA512
719bb67cfb36cfc392351c4074cbe48dc4592fdaf8243d5141b99623328927574b0d1d948741677e7a2ee3258664f6d9dc916b0c3a722a40862e032659a202a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
963a6d753b40741f323866cba5808c8c

SHA1
98d2ce3ea0c6efb42f9e07b19f58ede898efad3e

SHA256
1cb683ffd954918da1a5d3cef06d4c664906a2404a31f067360451dc45f28d35

SHA512
79ff22d0b37c63d3c2af066fcf61d39f97ae8d59f526ffb1cf1abd36ecc0c294275de831cb087a4e7f1a9572498f859f9f3de2da7a8860e2d082f64b8827de71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
678abd3c2e11be862f9a4b92379c13d3

SHA1
143863019c8f2fa773cb6237625bff4d22f795d5

SHA256
e74207f1ad7cf6b7bec3752f0f0132b3ec9161e31d8f2dd1dce6bb28f9287924

SHA512
4940624be4056ec23c1819eb82434ae25d9ea841065ff7927e1e6c45722896358ad5dae71ed56c6c80483ad657331f8f8180c615608628d19103a326dbb1dafe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4650dd4fe60f57fb19ae0f21032e040f

SHA1
f69d4acde82500905db4615324c86aaa50d52a8e

SHA256
56630d834b557cbd96d3887b6eed12af8172edcb2ad9cd5940e31db1ba8852b1

SHA512
d6fce16a3bb68492a82be3dbc257471216e3caaba87d055ab6966d5c7635e85f9c04cd5b21eaeb26daf95780cc44f58299c96f3defa8367339fe567fdf0549ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
0f984eb79878bd84a37ba1fdd0474261

SHA1
3a2e51e5c6849b6225051dab613e87c3d8d2a78e

SHA256
ea73ca46e29e0d487b4e9c7704ea642a4f23515b4843e35f210adfad8c0430bd

SHA512
325d78d239f824fc383aff6b90bd417b82cd59cb283aa6521621f7b5678dd2f457e0e55fe81d1ceb3fb267d34868f18a5543d1d41312f86d8147280f485e2c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
f4ab7b0b4abbfa69b7d825aa2c843623

SHA1
4ec37b77459f53fef6338f1a5f93747bf019c023

SHA256
bc02df57d3a13f6f3ea5e977bdbc05c92258657de6976a724d4b73b54b0c4c3a

SHA512
bedfc0af4949a560fb788d20ed6ba6900c419010b80209815f890c2b0ec02e0d32582ec11af181df5a41dfbadd586dd050078e25f81f5fcb0a18d422b93eab2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4482ceb980a36582dbfd5cc6bfd2d166

SHA1
727bf2fc6754959cac6db90fc2362fa70aac55f6

SHA256
f3345275ba01c65076e9bafbd8a26999977e4014f68405a7b8fb59e73da3a1e5

SHA512
faf2aebefc0bd781cd243fdcd3fec8073408cecd4079a2c86aed04b8f49c315c3436c9622a66956cc327a215bec1cbf32e6bb2b39de8c0c525f657f03df336a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d364b3f3a55b6ef48e4c33226250130d

SHA1
0d5eabfd50c8e5e69f24e5d04540df551f85caf3

SHA256
5a667083665655884165444ba624bcd02bd5ae365741f725bb889a7fd4ba3cfa

SHA512
42cb8feddb25fc007d5dcdc0143c3d87bac3a1fe672d8200b101d253129b315595f0beb29106fee04248a80ec5581efadedd61b323968ed227b2f367bffac93b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584774.TMP

Filesize
1KB

MD5
39060919ca6231c87032ae12d6f6e48b

SHA1
5205592211a45631ec564e43e89d0db2ef90e224

SHA256
766c002afd08eb3aa82d6e9032c1fc479932af91a1674fd79edd78191cd4da0c

SHA512
f69c97f6e2c0497cf9401bf8e41788447fd6df6df085d9b527717154abe4b1efd4fd64b5044cc006ac6fe80e70d3e2515b1bef35e9f675a46ea5b06e0cba3c00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0ef30f50bd9ff47e311cf5b1befa2d1e

SHA1
de674ff18c4041f914faeec7ff2e7f06ff8c3b77

SHA256
fcb82cce85901c071fa9ef0f1a0e4a95c8a15ce3c0205644b7861785394d0b7c

SHA512
6372202e3aa73e5828ec74dd312a5e66f0e9a24bf35554205a9daee5c0d84a54a7ba75652174e0c05e54f2aa18d277349cb405b9f97e7d862232a685ddf55322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
02576fc702ff1a18aeb646a37dce9cce

SHA1
4fcf65e07113fd3f35f6c5b91c0ac8d7a3540e08

SHA256
568b39f7a4b8a6d8fd968fc51de67d36d4794b35e724e7375560ca20852a0c16

SHA512
ab5c50eb7cadf7d13b0bac9cb5bc27b8100d7a077223d2ac4b205ca5ec41e895c59ac11707a539ef72c10b9045df5519a891b03e0f62d462b1d21bffcc255860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9e2af4642997deef7d46ad25140cb41b

SHA1
53dd1725b96d8c69914c147dae70803f6a8cce6f

SHA256
08da0fe3e743e02d34c594e67f7dbeffd8c50b5d7b5a4d8f0814965822981b76

SHA512
868ce2efc4221fd9001d020ee8c104bc320f23d8e626dc6830fe75b646613ec88328c3f89c7a7da733311775748d95060277ead5de6b2320b21a88a9c429a065

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c7138fffc5b403c298523ac707cd435b

SHA1
39dc32dd48f69c57c898af3dc1ec3e5dea4155b1

SHA256
ed06f9d0a54a5f7b9b459e6c421522e1b0ba14c26dc374880e0ef1f9ddf844c4

SHA512
1975fd9e793dcede9a57bedf5fb0bf6ebb440fd480499e1f8a0ff1828aefccbe94bc480e8d024aa82f0d39bdb5686e859db0ca4b5bd6d06251723077302609e0

Download Submit
C:\Users\Admin\AppData\Local\Opera Software\Opera GX Stable\System Cache\Cache_Data\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Opera Software\Opera GX Stable\System Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\resources\custom_partner_content.json

Filesize
236KB

MD5
8eeda41cf4bb6900216e9a91e69bf857

SHA1
858fd2e9f90a1a55c4a7b6de5c1eeabc851749c1

SHA256
00cc54663583ee631fa4063b2af65b89b3451c70435d8eaf9f8332b5cde916e7

SHA512
eb08d29c0f317fe0b3214bbe56cdc3b6f9c0c6a4289fb6c459f6915c2e227b507e32b8763ffd28bdba829de7cace4c3816346b30550410e9d09a2b637d921748

Download Submit
C:\Users\Admin\AppData\Local\Programs\Opera GX\installer_prefs.json.backup

Filesize
2KB

MD5
e90b6611af64eef2ad8fd0258425eaaa

SHA1
450137c5c1b84341b4199283cd44fde86c9a7415

SHA256
f748ac9c87346cc3d5679f751031d0cae9d0ebc615b5256e73032b0c11be670b

SHA512
74cc60d1f4e9185d0b31fbe6ea178e8f7006954f997cc3aefb34a3be34fbcaa032a95624ebfb57467362b9f8b93a0bb2729643a210afc4f8b96b976869b97f15

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\Opera GX Browser.lnk

Filesize
1KB

MD5
ffe5ef7190a192e004a7c85047bc9d9e

SHA1
77963a4f2badbaa21abab4b17d2c1c957c83ef2b

SHA256
b91cf182833c1263822b9b997afdae55a9f443628e871a4f6d97a098340b82e6

SHA512
c097b4cb58057da85f90c37077f6c7fa64885acd9aae559feb9d7fc44644db8b6ea88c13f6ef23acb703adf15c3e328dc21a2f9d36a2bb9ef5942ae1bfb4fd26

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json

Filesize
949B

MD5
8286e93fa5dcb7a5bf4d750094ef171c

SHA1
6c1d1d1272b28d951ab33a02b8fb952a409e8cd2

SHA256
92caa87d979f10cc19c9beb17b75aa16808e009430fb48325b6be15c486dd492

SHA512
c18ac75eb6f03ea50b1d1ad232fce0ecaef52db48328799f50527aafbad2bf4b551ddef8419254f94ef6228f529b43c3d7a1b2624513c39bcbaf9db8de63c5c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json

Filesize
1KB

MD5
876077e9e9f0cd5a5bd2c518c8ba67d5

SHA1
f73eca9b6d757e886a9025bb5acacb6487df71e3

SHA256
3d08ae60f42e61936bf04c8b7a7cdcd20944a5a1c92c2de044eb223013e7ec9a

SHA512
c10f010b3b80da2602af6da4a643531f18feff898621f9fdb06fe862641891e905fb486b0fd923343046195b486b6a0f2e5d248f5c0b21e1c675c4fb271fa7d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json.backup

Filesize
934B

MD5
b19551f4621b5f612838ba1b4b3a53c6

SHA1
352a0ef3f8b1ce2492687718a8a3627ab1a4fa66

SHA256
9c90835848f15cfd17c4362df303045b2ddd46e5a2f17f6c6e86b9fab9118a1f

SHA512
95b6a88dbf1d31c6b9c72482ab7f5964759d0d1a0bb42eccba96c3dbfeddb8be308a5386735da9ab0ffbb3585d09830de4bac121127e98d43fa0c195c763edfa

Download Submit
C:\Users\Admin\AppData\Local\Temp\0caa4c62-801c-4b02-b9f2-f7b231e71321.tmp

Filesize
7.0MB

MD5
0b826bc00b8a2fc0e04fb119ee27d4ee

SHA1
4751ac0eb54286ffe88dcd892c576a776232111b

SHA256
bffd6dc54ad11e06a292432baf3fad696026f4850c6437f39556eeb961e282b3

SHA512
79f20d219dce6442f5947bd9dac999f01f3bbea50d7e5fce7a030830d162d8d21ad2238515f18e49803f79aa0a3de3cb1e1d76764ea84e2f1cc54f543fdf00ea

Download Submit
C:\Users\Admin\AppData\Local\Temp\3ad1cd65-c1a4-4b1c-b330-296701d17dc9.tmp

Filesize
259KB

MD5
c539f540c37a41119546652e2450f424

SHA1
ffd13a56617ac4329253cebc6bcf2a7fb0a317ad

SHA256
b73dd3378b33386ea5a950960dbbda2ed595282ac2879502051b189bf3b2ce64

SHA512
9a01673c0d1b60c1ce34c632273e7e9be4543c37fe8e780c882b4b28103f49c1f7a539bc829e03ae3ba3e5f5061463a09cdeb4745789189a6a03ac379c9f5db6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe

Filesize
6.4MB

MD5
607fb47ad9d20bb16f90e4a38c93bbfe

SHA1
578ea8b4bd0bbd32114bfd61910118c3d9cfc355

SHA256
8a82ae5c857123cc6972b93828f3a6202c0db4d325ea6d5b1e36dcfb290c1e09

SHA512
23470d0aa5989132efa1fcd4b1d183374384e3b75249910c08e22d2fedf315f084028b7299d6f6c0a5230b2ec78179485d0f187d0a87f710d25f1eac81939e47

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408110852502591140.dll

Filesize
5.9MB

MD5
1e6485e90130bb0cffd2ae2ca7fef2a2

SHA1
b9c01fddb3921b6f56d8d774eb0364f7024428e8

SHA256
907cb59383443ce62fdcd2eb90e4bf32cf3a0de6078e708f694dfc7bd7166b5b

SHA512
e28ec73e1465591827f092b71ab740a8de0b7ffcf5af0b3e4c1c8be37f16f1a87ae4fdfe23c25a305741a5aaf30fd2aab77f55061eb729f0dc5e64aef3dd6527

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2408110858398356020.dll

Filesize
7.0MB

MD5
f09a4393c71ef161b22d9448f84fddf1

SHA1
47b6e230391fb4e5008b8706250de6fef0ba684b

SHA256
c7d012ed5707bc25780181bc7ef45f5ae2558b98e8ade7ab6d20439bf11130be

SHA512
62df63ec1a03a329eb97d702e25f09449e2123919c0d1deb1beca84f7fa4ad2a52be5da175c195b3b0a91aa3a71c82dcda92335804c5b713dcb64208a6561e72

Download Submit
C:\Users\Admin\AppData\Local\Temp\adfe3f3a-918f-4690-8243-7fb4494a7f05.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\d5e92c69-317b-46b8-a834-70dcc98219fe.tmp

Filesize
2.4MB

MD5
311204ab754a99aae4e243396b09a93f

SHA1
8e55068119399daab8c29aea87a3782634f50b84

SHA256
72cb7ac4a28c9a3cc8dab21d7a32443535c6e5904a7db2653402c74cfe160704

SHA512
8159e2b97311a6b3ed1f9e6b02242a03895a15476570caa6a05afa0d75c7150d6959115473fbbe5c92c0b2c4332fc52fb3a2e89109ef7e55f3a15396d8e72354

Download Submit
C:\Users\Admin\AppData\Local\Temp\d99e98cd-7cca-4e61-88dd-c5ca989689f4.tmp

Filesize
20KB

MD5
f76d2267eff21214b736a070247e430b

SHA1
ec200af8d4daf069212270137a05f90e63cf5354

SHA256
19787423b08de5f0c07d10fe218c28e5f04a95379383ae61913b81c5cac532e0

SHA512
0ec8606b67a924c507cb8b0bab1700794d02ffd28091f836e1934f828ed21c523147f21b154eb0d4296e93358af47a9be38c570147beccbcc049e742eca360c2

Download Submit
C:\Users\Admin\AppData\Local\Temp\f782f5e6-22d2-4293-83db-3d13bd76c206.tmp

Filesize
6.1MB

MD5
5eda2cefcb4bda954d5c43ef152f1956

SHA1
1302de9ea21b880e9253e1c3a80f557f73b208d5

SHA256
2734105ab1452f7096aa735ac9629a6feb4cb1bbc8cb167e9cdad8b44d700962

SHA512
ac3179ea5b66116edf1bcbe3ad481ccab93fdcbb32219c17a392ca492b7ef5c9ebe5b2b9a0748545355c587624a40c92f6f2136d8aeabf987a3c00e8d92d504c

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir5480_1737909500\CRX_INSTALL\_locales\en\messages.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\69bb88b5-27fc-44af-a9fa-320e3757e3d7.tmp

Filesize
956KB

MD5
a487f1c197a5fea1526a9e6e465deb52

SHA1
1ef571e4f8b127a44a115f8810e0c6b2b9995ce0

SHA256
44e2d6ea4ac6ace483b65df798b0d3920725520ac26bda23371209733844f23b

SHA512
751ece500d085f4dc40bd8bd120220d29b805ef313601c9726da0963f9451e61c15748bd1776ad1d2d19eac6731993b7dc1e01ce79799eeb1f8965312ee7ad5e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
d33f44e57e4155425ddfb93e813cac80

SHA1
fb0cde538b7838f44132c7dd4756c4aee07899c9

SHA256
7e2c318e4f4162979979299153765040095b3d4950573490fbfdaeb47557ccb4

SHA512
f107a1275068a4da775a8263fb9ccb75bd487211cdbf76cd415d767a7930b8a7a6a718ba11a5feae4aec61342be516e61a25abeb3c3ac303ee580c38ced55a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
6f02b47c8976d0cbe8b395462c523b92

SHA1
89a59d7a80408bf9f2834d03f62acdc995a75b96

SHA256
d214e14c83420af5b3771297159e844f936e7d134f342b467b5106ea8099294d

SHA512
232bded347425a4779926cd4a57244605ab293481a3206918d2620539fb6157b5ecc89783b311369f911bcc2a59c0340bf22f82171a6e8486b2829de7b1ec567

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extension Rules\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\.DS_Store

Filesize
8KB

MD5
52dcd2b3948dc746f256f6360738f719

SHA1
5c3741c1503db16e021f7d09fa241638c2685c8d

SHA256
8fb5f0908e60f162a002c8d37bb9ef3c95252d6fee1c021f2475c5a9f4b154fe

SHA512
7b0e4e00a6afd110b982fab6f8babc9c74e07b5dd16df67c9ded015e3eddcdacdb8c6f702cede41402b5ed570a35537eb1b1e61754660271df052c67e2942f21

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\icon_512.png

Filesize
373KB

MD5
f53348fe0b4965df964a0749820b53a9

SHA1
b875035aa82351732aafe9fa629af517988d5bd1

SHA256
733bac8b25454f5c61ae365187e83e27bcdf86ca98478a5b08d51258969eed6f

SHA512
b1dc54f5e2c5c147608f88ae727154d5a87213ba1e8dac3579d69a32b615f4d64bcfceda90955e53ad88dbcece19939f94eb60234e7c89f53c775358235f381a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
b0aadea1a48c58f1430a1a8a70571c38

SHA1
1c0cc23e61cb7b03248dfbfc641887a7fd8ca746

SHA256
8b8f663afbb6547d8447c3718a87093142689ba24c5e48527b716dd131d1a118

SHA512
d286fbdd138be9534e848a11955f4c1b780d8a867124968b3b345e599ccdd40bedf17b82a7d16ed748a0afa48d6589b567d689ed0b6549b5a05b3097fe2fd45a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\.DS_Store

Filesize
6KB

MD5
194577a7e20bdcc7afbb718f502c134c

SHA1
df2fbeb1400acda0909a32c1cf6bf492f1121e07

SHA256
d65165279105ca6773180500688df4bdc69a2c7b771752f0a46ef120b7fd8ec3

SHA512
58941214a8334331e52114aab851fc3d8d5da5dd14983f933da8735c24b0ddcac134e8f13692553199c4d9a14a4b3188b62878a30b9d696edda1204666b60837

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\dark.png

Filesize
4.7MB

MD5
35a4b0fb405d05e219e424a6935835eb

SHA1
7e5ef741b3f32518d0c12af814447d3208767ebe

SHA256
2d23f21958f5682239133d69d4b17254e4fd2eb01e72e33c4dadc2c82017dd5c

SHA512
e338c5690670633b4033cd7a4aa28ad31ce9a3b5073e8556f701fe3a1a50e0e6c4e8417f8efa9eb534b5f13b003894d0a699e03131ce300a73917ba8527d33e8

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\light.png

Filesize
5.3MB

MD5
22e71fdbcee349d82c86bd3298f5d765

SHA1
04977a873ecb7fdc533888b374aec5abf987fa2a

SHA256
d1ea91df3e9af621a5bb1fd0c328a05854ff38c4edba02466cfa0adc4525ae9b

SHA512
d26c34d5484a4572c96db0f40969db208ce74e87181489540821dfb4bf97a933edc5cfaf3271dd77d53b1b23030a9e44560093c6585cbe6f9bdf27f7a6e3cf4c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json

Filesize
2KB

MD5
f7b9c08913fbb4ee164db4de91a1cfa8

SHA1
ee748920b53e30beab4925c3d4aa30bd7f667904

SHA256
57e2b257a65fa5e980c619214ed9ae25580bbd581143e28abac49928b31977a6

SHA512
d39802a782fa37146bf509131d98d8e2ff121bffe7d5b37e6300b60c0acd6dfd80d2154825753395ca231493162b5668f2c752d125e4fc810cbb3d5d77331260

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png

Filesize
351B

MD5
efb9279c8cf981a1f4103ca61b19f81d

SHA1
c58d2e5d74ded2302e1ce18676a1b3ee4361fc95

SHA256
ac127685624619ef02717d88d40b5b86efe24523df4e026dc3ccd7b3825aee9b

SHA512
45daa4262fd628e3de6b5fd577fbde371c48c321dee86f3142a32523bbc6aef0b57bb4f1142f28c5cddc6eba478d1aee0456f49927b161fef30176c4305f1dd3

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png

Filesize
929B

MD5
619819acdf286356609090f04ba06733

SHA1
2bc994f917e1120c1f93d62a37a8db3e665c1c81

SHA256
d919fba6bb74d094ff1f7b31f43dd030144eb28fe160cb4c401485c859bd4ddc

SHA512
a8386b6bd9692685426ce3a4fc28abd66bb5097d2839f45d40aa080c86c0924f92d0f6a7dff9d76d8243b7eeb09352ce57a27992e1da400b590aecd46012bb68

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\web3\dispatcher.js

Filesize
1KB

MD5
f76046e8dadc97089fa540da755ae94a

SHA1
a9448799f6b026bd25afcba7586d3c420ed35f1c

SHA256
5d638458da2dc514d521f481f90d932294fc8ca0e18d9f83c9b96dac2d360580

SHA512
a25546623c035ac5a616fe1f3dca4edf76e604fd1118980656f263c92d90357e58a861a7a0e7033be725104044c3c311dd5c816c5acd26f5e4d627928d4970d1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\icons\512\icon_512_black.png

Filesize
3KB

MD5
e35fb9f31bd2f22070e4ec9b65717b50

SHA1
355c42ee8bf8e04d818fe8133fe448b212fa8763

SHA256
ef072f9c80ccd41e46ab1a354306eca6c0861c3a214791a17efd47fa9b90df86

SHA512
e9694a0e8cbf3eee14117651111c97141a89922d26e4f32379051ff7a17d9d238d7074516a637201bd965a6ec449e76b5c9b6d455d74ed401e17adb53ff6784c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\webpage_content_reporter.js

Filesize
174KB

MD5
3a07d6580cac116f79d90a009a6cc584

SHA1
6835e601ad5454e940a1d8e01e29f00e07542c8a

SHA256
6bf79a3f7d54e091f5078203b0d575f3bc75d4ceaea234352c9e45ccae3bbf21

SHA512
a3482c437edfb99db4bd59e8c1fb330e192db4999eefe567d7e3dc652283432f1fc9e23a32e7008aa5ded35117e272f28f8c1795612fcb2122f0978a694aadaa

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\writing_mode_assistant.js

Filesize
78KB

MD5
782e7a2227c85eb3001aadbcec4bfa43

SHA1
389135ed945b47fbada0a3abc068c8f5c88ece04

SHA256
a3648bf6bb23f94ebb533a9e04e23931a88ba513c671900720a73020cfb4443d

SHA512
fbfc069b71b44d312aacf9872e01ec251951870a8a3a11a15a0820c297d3b2398ecbd8771a96de4612d54a101f42b18399cb2eb4dbd6d742cad455ba278f6384

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj\3.4.31_0\icons\32\Icon_Light_Neutral.png

Filesize
976B

MD5
652317fc50ffa1c31961ae280aa9f059

SHA1
b1d349671c4bb3ae9d2d4df92510c8d2ee07a9bb

SHA256
cce36b14b7c5b5467c103d30e382fc7dbd9790df00a175ecb7c587f3615111b5

SHA512
bb53e41ec545514c9d0ebc032855fc63e68367f54162af62c882a6a5995690ea50ae6a042a1e7eb09c5671f1357fc6412ab1235d3e8ddb71071ff602780a3a3f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj\3.4.31_0\popup.js.LICENSE.txt

Filesize
871B

MD5
df32743ed051aa784d347b8223c278a1

SHA1
6614f0ce1e430b960e0a4ed5a0dab97f1a6c4dba

SHA256
1d438fddc659f353fb3db7ab82216a55e71f6aa3afa2539849e68192037ea627

SHA512
c1297c68dc205cf24eea15af69faf14345815e67fc488cc187bd270984a921530f541b4bdd29831305a43d6704babba17534e3f7b2648f2b7633f48ba8228f08

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\GrShaderCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\GrShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\IndexedDB\chrome-extension_igpdmclhhlcpoindmhkhillbfhdgoegm_0.indexeddb.leveldb\MANIFEST-000001

Filesize
71B

MD5
53c5d32ea238754971204f08f6441e7e

SHA1
8ff6e3fe3c4d1d7d845444f762d64d370306e068

SHA256
258715856ad8df137dbe5c542fbe6eee02ae2ff633d8a83e203b5bc5ead977ff

SHA512
6f032cc61e53ce7b7382d8a3e37318d44b943d6d24d40c0973be0e7fb70f1d48046372180391762dbbc98a3fc4bfd16e0fc84f4c7ca85b6a32289b2ae927e7cc

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\0acd655c-8ccf-4589-918e-6610d590a431.tmp

Filesize
27KB

MD5
0c91300e7cfa9204db3f0ced72fb75a9

SHA1
9c8601215d808b142dc59ae470abd168a9e8c450

SHA256
c70c6c4d65a3d6e7a2c79087478b19f838aa46ae2d4b2dc02bb2ea1a3bfe67fb

SHA512
8fbacc595062964e187dbf7d9773ff7dcf3a10b68a1e3755ef42b0c9b51d35e7f9adc766147acc4c4855c3ff51047904f1d875fcf1c4ea632e465795a4ab68f9

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\126bcb77-8a7c-4bda-bee0-dc26a23bd30a.tmp

Filesize
27KB

MD5
9b00a5dd96607c7ce9a48a0e253aa5d6

SHA1
ba0d5ff60d32f7654cfa7998224adff46935e9b3

SHA256
354f5ab64937037cc28478591677b9cd55c04130525fd858ebfdb874411a60f6

SHA512
46ac789ea720a69266da6dfa4fdf201fd858a95ff6db67edbf9a5ab5c10b1175cf1522b06d6e4334410bf0113fd7f048bf00d78d5d111ebb50007245e63074eb

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\1f8eddee-08a0-4fb5-884d-49e99c8b7dba.tmp

Filesize
27KB

MD5
a0caefb97c1150dd209a532206f732f6

SHA1
594a34095c9ad12f7361c9ed15292bdec0f34823

SHA256
fb86514dfbf3c5c1dcccfb952103e2732847c8d32e3417d4db6855fb2d07f5a8

SHA512
808d445bbacf9c3ff268bd50c21c2c301f2ea0cda2ef7838217bd21ff9c9b890d486d99b9be55838f2ca261d572622f311017b812c3cf2d124ab1f3adab1faad

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\27b11998-3364-4146-af0d-7406be5949d8.tmp

Filesize
27KB

MD5
dd8e6df155a2ff5f53f81679d8701c70

SHA1
392045fa8c2bbc94b569ea3a70068c8dc8d34826

SHA256
09b4f9a23cfa587b071052ac7cd4803139d3f1775a11b4c552b92472d857f460

SHA512
bb1b9a80f15288056a5792ab509451e841c7ad7b654fa7bd5b862bdf298ea8421c201b237d9cb4f0b64d46c40d0bbbc229161730eca3d5d957e12be515764145

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\424d0da9-6925-4914-820d-197ed0b6961d.tmp

Filesize
27KB

MD5
215273824cf72304bf5944ba076dbc10

SHA1
478d0e25512dd05e4ec44b05f31fb206f2f9f3a1

SHA256
af0c7a6ac2aa8f264e03a5ae8534b66d4d596df1afcdb7f64777a02de4ad67ce

SHA512
53d4984640f3f4b0ad287086ea922a01bd7f1970f80eb515815da06acc3a90ef17fae79af6509e9e88a26283988a3b20917e974d15d32dc0637afba6d8c8a23e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\58992bd6-85a0-4f5d-9f96-d3f90e09e677.tmp

Filesize
27KB

MD5
6b418344f43ff827b75785b45e8e33a1

SHA1
22484a95499dea4ac2a3642b5b640174a5232f3f

SHA256
3580368f2c00b14dd7e54aa1f642ecbb1ee99d50fc13470b1d6c3174565faab7

SHA512
e3b1ef7b7909e49156e66bca98cfc6683de3cdd5bd71863d35736b55bf964c798c27c1b9228fec6a1d99befb480df3dd9fdc2916f7f66117b2981ecb3cc3d199

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\d120b648-53f8-4966-8470-4077a99367bd.tmp

Filesize
27KB

MD5
563d3b0e05a88cb1f087592e0513dd31

SHA1
1e5bad428d5da8c480e37cbd01eb4dbfa4cb777f

SHA256
909bba44e20b71eb1e0edc84221ac8d8180d14da34753a3ea3318f5d18983a94

SHA512
2b5f6e547cbeeb9178391d4ff1a876344082a401610fc1dba6e888a818c2fd8bb3f348d7a988937efb9fe3c53e1179501783de35dc43509f26e5e4050f9f8a8e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Opera Add-ons Downloads\macagoamnffgpcljfhmgiidmiahgibjd_61712.crx

Filesize
10.4MB

MD5
6e52391b067c5997e69af45c23a99b25

SHA1
3d0152cfeca041f58576bf950d47cc4daefd3e9a

SHA256
401f423c27782ea48296d2d245a8543563a0f34acea551c6d239b870ca3fc332

SHA512
c27be0de53eee5bcbaf5e4d9e7077b4d9d03ffaf643b2079ee8038b0a1f8f2aa22a164f54dd115dbd5b75433e2397a65aea59eff8acc972813339179a4d1290c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index-dir\the-real-index

Filesize
1KB

MD5
95f721a485d497a9b4599eaa870186a1

SHA1
0c104cfc10cde5eb177fa58196a6c10d4c036d02

SHA256
d8e8ccbc31c4e6848409f698724f2a17c61ced62a3fb924350bff5d15e5f7a80

SHA512
db94b9258e27e616b96b97088443aee16a51a3d4beafa2b64d21c84a36ec71c7eea64ee9b5db4a9e61b501ae50db40ca7ab6b776163e09690fa1b52e4933b9c5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index-dir\the-real-index~RFe5e7f30.TMP

Filesize
48B

MD5
d3cd92aa33b49fabf08d4c11f1d7ed10

SHA1
b59706dc0dd141c58c1a21720c55dd37b621bb11

SHA256
b81172f4b9e161f693a9102e46f4ad40147ab725ce22e346c5042db5b591e17f

SHA512
f59b272062a4d90fd5aaef35afae415e31e2894d24f93d9c9037b3de46c79625f9133f4f06d198633193a6c0e3e280ac7d048ce7509c17a47aaba36e0c30a1a7

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Site Characteristics Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
557B

MD5
01cf6b1cb31939899a9880828e654552

SHA1
5b57609534dc236c6acd8e6d306ffa3c7ddc3f98

SHA256
7a35da85c81af5abc5238d9d0b17a04e1290883c94e4e574f26d34da51817860

SHA512
f302891422fd517c32cf66a7aafa19a3722545f15768a35dd0e2d873abeec780dbeb881cc3c87296efb39a77b077a3aafd297d117a70f800bc9a1a0c5fbf3c92

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
c029322bda947b9876e1249617dd56f3

SHA1
24d2794a6efe52f33c701ea73742db24482ad866

SHA256
d5d383f1d40ffa5ee2eb89afa74fb9672bad66e802d7a1353457608b3479ee05

SHA512
3f5b97db6f816f9e5969a00614527a21fe8c487994f4faf48fa514f15e8514144e3c83b857bd4d7c7cb9b317570ed5007438c0659b6f9e88d09e97d34a5d0a03

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
e0296af14e92a651c32eea98b522cdf2

SHA1
fc6eeda21b027a5873a2b96ca1ff91245f78c0e0

SHA256
e62544ad47ec8338665ac4a7b93c0a1696b043f5694d4c87a682f414a6fe45bc

SHA512
7af992545721aa705a2a3a416812274914901a6a3e0e6cdc57128737a5fb38e1946371454a7ce9826b1e7d1de3829a8ab20da69cd2e9fbec9467053d85c454e9

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
c20eddc3a3544619b603e264740feca6

SHA1
24bbb20521fe4cbe5594b8909de36b3f8e41265a

SHA256
3593b4e0b829754368de17a7fa86f578422f1198c4c7df6c8ddc3f03ed971d7e

SHA512
9c9391cf20bf8dfa82090f1bf60f255d00d1ae6a2674ce50929eed1470fe7b4afe0396d1b1fa151ffc39326171d7154a52eaaaae2fe39a97680c6d12f632a1fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
7dc1d1ae2985c22ba94042d70f8114c9

SHA1
a3a1befa42b86b7efbf56c2fa99be05eb806276c

SHA256
b8f212b81404087866da712c9a5d9655a611fb4ec4262ed5529b0a2854e7459f

SHA512
89b160880fcc944a916601a64cb57b3e25e71bf39426574cd9d159a098b1c4a164bcce03f1e9739a668403fe1b5f66ce211725f2dd50ab4f45113411eb70816f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
449f59afafce9aff5e043ca18e48cbf0

SHA1
a260f6be1c04177e71738f36669b816dc9d37d9d

SHA256
44cc0a25ccaa31df61169af6e878d970236910ef1d31f1fca4e6f096dd82430d

SHA512
082b0bfbf451eeb0096ddc7476c62cce5fd7a44d24fdbeac1687bb3bebe2d1e9f473f99ea1bd12a8b26eb1d1e59df51f5ebd89083928f3e6c253124b29c21a12

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
b3e5b9a0f48ecd7ed8978b9fa9fc8a44

SHA1
f5c028bb3d1e1abc302d75e730449684de41d913

SHA256
d93ab5c5c657521eda1d888c1392468b32c04555250bc039b6eba478090b33b4

SHA512
1701c0eb77d072fe1fc753013f961abb9c4122c0c3b42f1be1742036d29600adcc9727346ea822d095fab2613931537b3f3f4150df4e0e81c559a2e9d720ba23

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
ae45b2f868af5975e2a59e870cc330c0

SHA1
243b9174a601c3b22ddf9e08bf80d0fa2f15ffdd

SHA256
e0c55b302eb67d20963848e5df16a852514697f9d312e341100d5ad66a5a7dfe

SHA512
d9f39cf5bc31dceec116be1f0f4defe687f47204fb42ce7de4539bcf04283e7e34ee1e84dcbfd7fed60a13c9e3ea1e31ac77e37e6f235fd5e1ea43a88a972134

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
850dfab14b6c6247d88a860b0b7cde18

SHA1
9910392eadea480597b3272c0e93e0a094041962

SHA256
7b8c2de99b6cc0f754b21ba7c78d1f06d3eec091acd63545f741b49b0f974271

SHA512
edc29b225ecc70bdbe47f9c75500dbe88e7110e05f579c315059af3ba42169fecd90b0abebf95fdb4bdb23e487fa1612d812fcdc113fa7f4ae4f8e8785360899

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
235e4925a2bb13a8ed6265ea2a86c247

SHA1
2ce23251ddc30b6b913b33f53c65d5b565570718

SHA256
8345671dc2a174d937bb1856f5ff37124e7f0a85b3cfafa6832b006c91ca6593

SHA512
c14ac71a17451646b10897d73dc018b6463ccd1ee26245c3253384d3faef457aa90129dcac4ead3436e70a2c62d5f64a696f001cc4d61965f5508392db9fe4ef

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
a7c12d9c4dcb3ba6b042399c009a5861

SHA1
3915a83e8e521cf5e0c496639d7fe7dc20ae802a

SHA256
565b4439d32ff0a2f23fa3e1703d10019bd9d8fd88f75c180933d2663557d6f6

SHA512
cb0f1098996d1cb7b2fb8e543edfc8ce8ce771ba7ab4a92750dae7d5c51182e5bd06a97560f66ee1367d60b4cd7d0be8fce04eea109619b6f5c7e4b05cdfb259

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
11KB

MD5
a9176068a4ccb4876141aa654dc258f3

SHA1
63bfa74e57146c80b603376aa2b59bbffa53ff9d

SHA256
5fd4bee4f58473821d0203472b8e3df676cbd24cc5bd32b899a9bb0db49a7591

SHA512
ef34a7b5789eff79d5b4ec5d233c8e38eccc0825fa790b42b82247ec0fd497f1e2a1ea89808e17385fa2e02553ec98e9351d595b3cadb77797e0a096668a20e5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
717B

MD5
f70aa31b4738c65b36c53f0529ed682b

SHA1
42a0402b90e9283437ef7ebb1c8568c6a92e6e76

SHA256
5d12109e95964b30ea4dec6c9b98ec45f102ad5f0e5885feb41a37c7aa836bf2

SHA512
7c33382f2d17191c5dc8c875e5c4ff6bd1423c1b0a479c3c1ee884055aeee5955b468036fe379ffdf40b356b2abbed0a1d64a5be4989dd9a8bd50d8a0294b482

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
813B

MD5
61d854a8f175fed485076833f81f9778

SHA1
aa106ef35d20671cdf33552db34ece92302fc0ee

SHA256
338bf2ed5190e589a5c92fed42d2a8ab5931438a085ca5675d99fc910ad4f2b2

SHA512
9b802e69c1f4f92c4022c891bad7c22811b721104e0be5d941e15035ffc2316922d652463b2220684c93063259da28d09f5e6eec062e483db0d9d056d8bbe7b0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
925B

MD5
417c19ad5348ace79d48aad0a2ad7d90

SHA1
1bcd0add9132bedb890241d1abf8a97b4de2edee

SHA256
73d0cac16695ca8efbc359ff3ca09962286a4ce451df71ce80a058ec0e89148d

SHA512
3b558ca914dab7b59463c8691d5cdc7b53bae35ef85d88cbc7fa9e2fee57bf9638dc110e233c501f406b92b9c55c04c1ca3e30237df3fe1ae6a68075ceb8f663

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
767f37c5f4f76312d5695aabb2cd197a

SHA1
7cd0327fd9a24315b08618fb92895248748d4c66

SHA256
2cbb230a9e42695472e9a51d817750fdbc61c288e49d1c5e20e1bbb135718a6c

SHA512
869a451b5b18ab2a38bbaed0c95255269f0790bf83baa8e4cbe2cd4f15ba88c7312b4d038b90594f7350cf24343e2a5cb2c53bb3d15e0660197f7be6a8c2fb0f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
c2c3f1d966b9b76d774e0921bacf453b

SHA1
65e445f5e06ada4bae0050e129467f276ea3c93d

SHA256
b20975c361e0923a43ed7c86a0bdc07f3594f25e6979b76918b606854e50ef34

SHA512
ef1e8f7722abc8383c0f884b5a75a1ee4aeb3f4651a95f3428280628764b18bd9d2e6a212edd7106bac487174de7338acb2e34437210e2b259a47d401cfeef93

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
c56c213ba40aea44a59de099996cdeda

SHA1
b6cd36e4999caf2dec3ffb6724d736449ec8c5c8

SHA256
035f4041a475d72fcf644b5192d960c7464d669ad6d64e3f5ffd950065ad2c44

SHA512
1501ff22c1111d98e9a23c2790b6fc2c3d7bc18a94a87b08fb1f4276c6a3df52d6f552c483bd4a984c93be37024bc07d49c9286215e70eed8f799974947636b4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
df9a24832b28eef706259f341014ec3b

SHA1
59c7648338d482ded3fed8d8e4bdf2d633cdeb6f

SHA256
881b0757f98ae0a9ac150a339eba4732422bda72b06abc810b7a31882a9e9557

SHA512
40eff9aa974874cd166603e0f25cd2d4e118a2ee14e3e94f40d73ae29eff81332dd7ec4a2a1c7dca1e9b1c2e66178a2398bcdf64a37c96632a7c57176e3687ce

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
56f18957795c0e75b65514d740f804b6

SHA1
721fc56926adfad98fa26871f4d0808728a36c5e

SHA256
1c3f5b490979873007d52e87dfedff3607e461c6ecf3e6e771fb20ec0d3a4e01

SHA512
450f45e8f1a49984b6f1a2390fe33e2ed7420ee72c1a1aee44f8f7a6b4e8ed189e1f3ed67c9bf98337ba1cf15115bfb669b22be104ae95d077a2ba55eeda24c8

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
d344fd2e12f1c4e9633aae1189c4507a

SHA1
118629d478e5f492bbe23e22dda30760963691f2

SHA256
5483249900e5b304213bf78966f3a0d988c460aaa9f81336b97d4187cbf1aca3

SHA512
613dcc0f9117c4c6e35c76bb8f4fbe5214789974e7789d6b92c4afb2bb38f205b1eca1fae31e7dcb414c4f1816c5f3c8883c6ddf7bbb531a9ba6c07516cbd9a2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
2306acfc4b14db9aa7a6c1a8feabc0b2

SHA1
ae28d5b5c2566d57ec97295782d1412dd7914617

SHA256
b7909332d82a971a5fa1135b714aa3a97a502f6af75c7ba74aad4eab4b323da8

SHA512
3685e3d638450960204a7fd1e0abc8cd5e0aa6bb9f053f133f621edc947564c942c6973eee2923254eccf1264f2fd564f4f43ee514d673e7e671ff982016b4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
f30c8cc732a0aca3217f94ef1704d783

SHA1
7505fa6a7d69a273b77d87050902a01f617eb4f8

SHA256
bf8044daf6065240d234255e72795e48da4b99a6ff6e6230593f1201c7a817b3

SHA512
b56c7522a34bfcb76213f291f0b081e3ec620d035197b26e99a5ebd74fb63e8424c8a0ce13b468e97f847c7f9ce76a8759f228463fe521652132681981d74d84

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
062a3405fb4ca8d21407db6f89ad8445

SHA1
7d5129bb05b4fa860923c930e1dadaccec17dc51

SHA256
27e4edb15a0c1ff8612190c0cc11dd0e5dda4c6e3773ae7273161639dd11781a

SHA512
f2fdd5df763e19bab57cf151ff8c208310f8e08d4ab5af1b33aa73347c100c3408962eb10f48533ac4ee785d8bb6ffb0691a8925a04b9e857eee863a919c0e21

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
96feebfa9de02f5fdbc016d10319c04a

SHA1
d3b075fa76ff443c3f20ca3853ae97265f7eb7ff

SHA256
c28b70a0f203f2949c988785b7fa0b900e127ecbc450f007ddb809469fccb5d4

SHA512
cb7d7951001bfc195d824d134d683d253f337d26db1da855aad2ec57ef319a85b0291eed6714cb2f02eeceb057df76c1a13f29ad2a02c06b642edc3d3aff3d2b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
5d1b9cfe4833a7072d3f7c51fbcfce9a

SHA1
f1c0dc46fb8de9eb9754e31d2a4a9438f377576c

SHA256
0af21b4e760d629be3a432ed96175df3ee12e79c2bd2704b57b961b7f8c25582

SHA512
e668d75a15e1f307f9aeb39a030f840fcd717c90167d497816ae3d530e06c90a07dc218e748b1ea6f12ab1a3bb9ae64cb378863294aa7221faff4f70d646a88f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
08053934af5151978740d0b3d29ef71e

SHA1
ab323efeed1b8d76b29826c1aa999b6f4f56b025

SHA256
911deaa0556251a5738cad4e853740018d720b0e7fb8b717dd34eabd203b92a6

SHA512
0faac8503b8c1ef54e144643be9ec57bff78b16e07921b4b5008d5e1bbf865fbff9b12130f5792db4bc062b4c6605ba0a021f875182a5ac74857cd3182b3ccb1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
aa12e77d3a02ba2422a87e3ce82ec520

SHA1
3b7d5e4041d292b195a1c4307c3caf2ab43ab59c

SHA256
cfc40426d2f21bc09d497d18938f64a139ba206e6940bc41672a3d42e85953a8

SHA512
a8e2bdb4a4736831f85f57601a8bcdc4692aa2d3064d34300b92ab18c4dfd6f33c49d046d45b80a6b2d7b29c0cbb772551545d8b4f5da44746f0d4eda63f629b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
5dbd83204342c07b888240806e3536ff

SHA1
3f50a51338c14fecc8f4b1faa89c7bb2f8766645

SHA256
f1fd545a71923920d6d774c038a525e2227a78108c2cd0be6eda231082b51d9d

SHA512
ef0742a936c2f4288815151d8aa337293658c377c39b97b352c2a2be63ee031cb88b89920e61bc2cce752a77b2d10a60bbbf2372d37d8f52706b96d0730cad30

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
2KB

MD5
71c6b3d4a6bcef2db41c31b149853f0f

SHA1
02600d33616a4b35c82805d2744c26d16ce6c7c4

SHA256
baa4dba2a3bdd237a2b41e40c3ef209dca22ba9e4486853576df591a0313113c

SHA512
c78e20867d17196c342d3f81bd85997144f4bbc482983e43a83d0bd5cb77a713754c072759190ef0c2617174a6a159a7e2a3a3c73a4e9f39321293c5c288a57a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
6KB

MD5
4a57e1eacaf8f3d025733a747dc5006e

SHA1
f10b418f841438d847a583e6dd674e296295c4a6

SHA256
c884420e6b7038df491bc5cd95879cf309df5dae3d53ce17f7a901127b2ef94e

SHA512
35500b8df434626b813186ce65ab5cc1aaf7f048a40cd44227c228bbed8cfa6d3d91b5d2e321ba9e212a726b5361e1a5b0d8018f6b61748114884aef7a2ea6c6

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
6KB

MD5
20b4674794dc05df7b95134f54025c91

SHA1
df98374dfa3e2952957435c47104519a43a0fcf9

SHA256
dcdcb5723439495037b264c5e831c1df58ef5e04aeb2cd638c5f3413ae41667c

SHA512
e69f4b263fbcb51fa29ab79560987c77893643b642c0a45302a2277403023cabcdd6f1b5a39573aa36426c05f66131b3acb05a0e41f51f9d87e4d28fb64fcf09

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
7KB

MD5
32366e3d9d7337981f7f02a141a38360

SHA1
821c989350ce0efd9326a87933d47cbe247268a7

SHA256
1ff83717302c63f9ac32fa2bc605cceb84dcf1d45b6c07004fc7d4654a04e8ba

SHA512
213a60b8d34f328732e431a523aebc8387656d67ddd5cde1e70ea727a540ed09a0e0809e80b5f8fb59ac27f6025f50e6eac6b41ee0b03f8e138bddfda30499e7

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
7KB

MD5
3e8f7d73ab642bf922815a2daa75fae0

SHA1
a1cd532340090e13c3c867071ce1cf1833bee517

SHA256
db6b24b6f7e8a1733b973c301fe48967742aba17646936308e7dcca9554b4997

SHA512
249c09ab73ad197d6f3323ac48df6b86f033ac7794514595e3474a132b184a7673484ae77b6d57db4eb8357dc865d87a403915691123e715b745d1d151f9c2ee

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
7KB

MD5
d5cb9558b627d2989bafc68f6ea5c5aa

SHA1
b28fc4f53c65957a54b69df2bae47e0dd210f18f

SHA256
bacfcf2a70a77cf6ce5a5567d5b39024125e2e76e9f53cedcd868abff7c7d51d

SHA512
6cc05c70c0113470fec2c1e49b127b423f3ccd4ca41e3ba1cea50671c0307ff77ae4cb9611b20b9bf75787dfc2741c673de92cdb67bd94e333ba58004da0aff9

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
7KB

MD5
24da738aa1e89553029b5d81b5649301

SHA1
ee8df92cf7e270618621d833be6097fff1e932d4

SHA256
51cb8b72f63a2d8d8b5c2f723b717fb51c118fe1239aea4cce0eb81ef6eafc16

SHA512
51b1fc6464a8d0b80b4c0d75f6a69cc2b0328ee27a5b1a4b5b9ef437a3e45ec2086c407c13e4d6e061062a0dcea4bb2fbf75f600358eca53c834cee8114b22dc

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
d942a163c548dd78d819dd806d089bd1

SHA1
b89342bf600eb1c0c1185ca71c456284fdbe747b

SHA256
09a6d8982aeedf272bec0217c3104bfaf629d94ca96098c19fddb6b26b34fa2b

SHA512
2abb6ff95b9efe11f96b70ddebfe16f058ab011a1d796573e6353c0e85534a4ea34c268db204d7ebd22b46ff790bbbfeb604b5615bc9977639474d2f80b1f9d7

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
4bb7fecabe9d6cf8f459dd5fd9d509f0

SHA1
50adb9a204d4d62c534807d2b076474a35ff40dc

SHA256
4e26b189289e294404add887cab7608266d5d653818576335d9f801b281618ff

SHA512
afd0700f75ebe36015643fc2cd6ef7a69f7bf48ef915cb184fafe92dbad94580cfe7b831d1c561a229d342594944025160b980b9c1ef3f7fabb2143ad150fba4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
94abf05026f45eb0d25b09425ea7bed8

SHA1
00485d814de76c097b24936c60d4efdbe03156ff

SHA256
f3e1c8af4470feecd06f8d388cc98cb06eb5ed430b50366d2d9c9faba92ff6b5

SHA512
7ce0738d8a724115af682186d049f3076730b91a30822c37f1bc564511595e25a3f2b67c34f02c59568517a79672231f50bd1f5365509bb6cd64f55b0e576238

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
a2223895f4b22bd0f7b0249263f82880

SHA1
054d0c795e9f84db623510f336a094c8e137d525

SHA256
ad1300d431ad456f9646fa4be792a515e79fb55a7d25228fb5ecf85efbd12671

SHA512
5dada59b4ebb28a316c0d3046a1e566ac2a5a6a18ec78f35c616a3ab0d08c8271bf61f90ad5fa2c16803485580ebb3847dc47eb1cba5a8dc7e74b34a9521d7cb

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
f87bdc93fe1b24799a8386e47c048c75

SHA1
ea352d3e7d20ab5ac84a8cfdc6bf21d2a5271d28

SHA256
f4d235d04574167ecf7ccfd9c2f2974f02a40c37f946cd4cc64009a6e6c6b014

SHA512
04a56bd8a18a8f8c4e9d986759ec5206a7b49e228d866ac8d1413447b04e566fe6fdd81d0785e219e851f4c98189301a85b9e5721af66ff2deb6d63e19eddbe4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
6bb7ae438e82decf83a65fcfd8435585

SHA1
ec35add054ec834ae28d2a56a545c1cc9e8c9e9e

SHA256
17016923eb5a7ace7a7e5bf961435dccba160a119007facc6191e2afc122388a

SHA512
cf7cc9d08ee32aa4462b3dd1947abf0d86573fa9bdcac647e7f64e0df3057ca0a7c6efd75147e8ca6aaf2ce83fbe55dbdab799097704f4c13e98aa04e7dd640a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
a747245e23bdeb6a5922369762b300b4

SHA1
ec57c7bbe1c6b86742984e537f9eeee20f9e157a

SHA256
68995eb0768c86217fea227ba409a66a8f330e566237fcdf3ca7b020287271a9

SHA512
f1462d3ab4991d96d5e54c159d5436d73f69d0997f0ddd8e5fbd0546241b41b9ad74b1e29f522c546d943004bd1e8a29a7370fb059f4a9ecc1a5442ca213a7c2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
68bb5a06f6b8d287278c7cc9a2b0a023

SHA1
0a7e26cf282852415ac04a769ff70e884c7c54f7

SHA256
8345836b525e4a5372c98bee74faa61c44718ce4b2787e5f1d084fa8a91142a0

SHA512
6c98824ab46bcd42d32e90f8fe797e8fd12c35915ce44fb3730e071dab427d1c725cd09cc70c3718bd23b6879bda77e95354a8d60e0999123d884dc95b9818aa

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
17ae0eaf45ad8330a50c12533830a59e

SHA1
ab1f22eb0cdea25050ec13790166541adf202b07

SHA256
2b37d6bb840c504bea27871a99f1c897b23402f798e93f47f5a2e592c3a355d8

SHA512
4fe13d552ddbaea88b5885267c85cb23188c6384bb3d8d6e12c73e3779dc1fef292c08ed20187f0e593f3a251bd7b32f18b37d6d44d025ebf1e2f550811c2cf8

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
d1ea22db7e3d9f8850a7abb475996797

SHA1
c09c53ff7b9223357bb932aaafa62ce9b4d800c8

SHA256
510c1be6fddd0c48ce830c375484129cb8b66512c8ce8e02978fca94a78d9437

SHA512
99448e7b485be11a2ba1b7cee9f35dfa3bc7e1752d3e1cee48d8e19bbd196764425ff94df122171f2e59780eecd8100007292a6edd97303f00f66bc93db19cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
7c16e5d1e0d8fcb3dc3e6bebb3e1d600

SHA1
2bcfc3a738c4b21bed949a9b0804b7eded05a382

SHA256
4441c136945df7640e78fa6075c0fdbb66af9d81bf9858e5e308dddbf5071d37

SHA512
cd8a461d342c21e5450778779c1565fb724b9144e5c854fbb79263a08f8d122495251fe37d2aeb28da13486959cacab5c129e6ff11e925a062058671e2ffc44b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
bb03f70614b2cfb8f112dc7e6cf94f19

SHA1
974a4c8aa5fb184b42ea623e5e24ebea441c1fb3

SHA256
0ce8460d346372391aab43f08622f5b14213cbbdaaee97f8d7b53c537848e911

SHA512
2b50fceee6362e6b4832d91d12787cb731f2bad3dc5426fcc266f55b2672e230139d85f311966be537a646d63522802befc7d90b22178e3309441f8da356aeab

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
544e3b82035ca15725445a761785161a

SHA1
918408ec9cbb4ff07a181c35d9b587ec5ef5d65b

SHA256
ba09791c4a0bffba5021138e62647d5c6e642c1a0c0d67d6f970aca92c45cdff

SHA512
c29b7025cbf9f390abf0aae6d4d2052bf38311ecaa2ec5646b58f30c54ee5238ac4aad8b4c22a315b219be721d162c5395ce2665b90a4350d4d0d6d3b5734d3a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
80476b7b613019370d26a925e96cf780

SHA1
edde48932deb80e4773eadb7d88bb8190b1ca0dd

SHA256
6b439d3db65cdb04c38b17742a3e3b8517d03de2c0f7ff02ced4dcbcc24bde67

SHA512
902eedfbb41e732ad8867c03543362624307acf3dfa9d995d31c8f841cbca4447d828c0cd5911648eba5770129032a54cf963a87fac7be075ad096307001d769

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
d12db851697be280c2edd82959df1b62

SHA1
4dbe38e461f586c5406efd9aa6ebb0b33bff81dc

SHA256
367559edc5bd48d4a739cf4b0e71df635f2828ef7077e3e1b29cfe9df0732b60

SHA512
ed28a32d80a0cc0128e31d19f2480738c3218324d109b51c06aece8c608f8c7b1ec79fc211feca5f4c4a0c4b4ac5004d7b3f4c11c2734c0af83085ff0cbdb086

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
dc8d0239f9738b7c989016fdc6825f4b

SHA1
829977c58e3c5619e491719bff574b6517d4a81c

SHA256
55953c70cfdcf2aee74bb8d822dddd18ebbbe1c1ede1652777625670c1f60df1

SHA512
d42143a0d54c043828340c801e90acab74e1855d994b3eccd2a6c7533d423c2969e645db8ca5ab3ad231acd38100c7428d88a57e9c22baa4c692773d911a2cf7

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
d4cf370895e285e2b8dfd897c9ee09a0

SHA1
34ca15160179eb72b5e943dff0fb65c79ee6aa85

SHA256
41f06f4fa7e6af6f71fd72ac7931eaf38b7e8d793944c66bbc79cfa651fd8228

SHA512
7dcae7eb01349c59a47e1ac5aca52ee0968fbe4021e78d1a44a755efd816215d9cbeaf1a78539fcda5d1485fb55460cf7c75f0a5f2a0c0c5f7e965855b125212

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
af331c53275c090683a4c2144ffe1b5f

SHA1
b4d6469a35b4f52a25f845e35609de1a2cbf3af7

SHA256
e4caf64cd69b4d6d0dbbc13d18f1a957299a95a81719c0f3603da42e0cc3147a

SHA512
1fb656024674a5b3533f0d4425addcba2669fdf3c01196476500bbcf56bf298a9d4dd22328c41f03760e2669998446717272a2527f87ec89ae8a9bf2ecbabf96

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
80c60da4c748869048fbd5827253978e

SHA1
3f198a611f7d42abf6343e26f09510c0e2a07521

SHA256
9b42e03838879dc3e3e6538ac131c1dcf46d9a776b824745ff33414e8938da05

SHA512
644478073508d51099ce4cc674e7253d019f102205046692593c8e04802c46be7f5a90f77402750770faf8d00aefccdbf45444137ea4b26a576669685f4313f3

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
4429c28613c7c2994d604590e79beaf6

SHA1
e905eb4eadeac14148bc28e12a32d656bfdb8ad1

SHA256
75a5122b5647c700df337a11dc62d194ab972c40454154e0140d1ec47a9dcf7a

SHA512
b9a402fc771841500eb7be2693b8876215179c557a9e6c802954e0bffa9e42e1d9b70e327fb5ea1efdc7d9f9feeaf1cea794f60c1023dc77230c2d1ac06565e4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
faf3451587061d40fb3cf06be087de71

SHA1
f2b0c7854fd305314b23415876be2cad603ea7e0

SHA256
6a72dc35675c512fcc0f03ff93064d44c3f7df4c33d7f8636f0d223741df79bd

SHA512
8f51d63cdbc11d9382719f858ac4715a1977453cdcb3872e693ecc5ab37d5157b44dfd7a482bd08e0b577654455f5a29a0592687c5bdf839a9f8738f87c9c1a1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
dbd00e654b4f60b6e14661c827e247dc

SHA1
e61b89f9150514a04862b21d633bfdc455659da9

SHA256
b49ec3d99c664db015b135baf90bb52f886f18f5abfa82733a731f115415fe98

SHA512
b12810ce011cb2cd1e498762399b70c6df62f64a2df458f96c24c21529c198ec941b2ed92257fa22520cc51bcf5d7a7057fabf89b94040ef718df364f860b954

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
11KB

MD5
fbd7235865ba98e2a2c2df9583b1acdb

SHA1
0806f37e490d5bc04d883dfa1a8684970b7cd58c

SHA256
1ff2545ec4bb598d6083a288ed291ac138111f5132f23aa843c62559da2fbbee

SHA512
76482cb8078fef25d8cdfacc804f4b72aecff459c0cf0592ffddb7dde104e8e2cec1d9e37a210603b90f07695c1cd950481f21c910ae84bf0f1853f8d31998a4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
11KB

MD5
8bea98e7c71d51f0f2bdeb9c56a123e6

SHA1
f28bfe4c7624c8a8f81bb8d931446ce695c18f83

SHA256
0f9ccb7c028dbf51aa3d2698065460085097a72cee184c7607c1272db1fa7c93

SHA512
6d8b07265618d6ab09a0367ae0c7e405446f6fa0277dd7cbf0bcfdf6181b2957ab3d0b2365ab2a2e47d6c146dc3ac6ea92cee4fb30683f6e490ef934057a0434

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
36a956e99a74eff3a23f535f1035f18e

SHA1
b392c5130b2395a07bc5eeb37ebf7cb9259c272a

SHA256
89989e41576b248703b35ce911fdad1854d87e25df36d77cf93544fa5e723254

SHA512
605533c0d343552d8b52f867209cb542e9c53accc762f93ec14568d003b5770affce5970e4b7d41d55d035757e4c48d8b31cdef0098de27c5890b5a1fc566dab

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
1KB

MD5
f49add9830a3c11a425971f1ad6c1a2a

SHA1
4a3196eb8e6591b6aa2d33e79b35820bbe50782b

SHA256
a688d4a1267a1f36dc578d331b21fc43cf3847e8c0f8470b48ba34a22fcb0d5b

SHA512
e7f46f1ceda05237aac383b11ee75a6ad6fcfd4f04085dd3d3c3f41e94039fe86ff39ff16c4399e9bfb89e392740d268127c1f376720e949fa368c2bcffce607

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
beecc0986b9be4542ec9c764e45a35ed

SHA1
6dc1bc3b19e2d2f1920d24b28e7b7bf55eae1032

SHA256
fe5e0ee8f35d2d788fa584b58c15d70261722b14726df016edf95c00f8977e37

SHA512
3d3d80441b1099c6f81f9be69bf05981f4da15e5f62bf0d21571e16f77be7f94f2fc5db9fb994a36726b6c1ffbfcc9fb94eee1c4df819e7accbcc69b4dbc6075

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
b2b01c6b642c38109d2155e028659df9

SHA1
8f88f0a43ad2d46b9412f318da73fad1edbac962

SHA256
12013af53e86a57e805c92afa8fe9dd6588c0edb933db057095b4a7cf98244ef

SHA512
2297156c1ffaf7ce6237f9054341460138ac852f228b2079bde991329951f07ef47e67d513cee028bbccef17aff74258b813b491f7594cb058fb96c728bb6b54

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
44dfd1f4aa25c1959b7f16ed5d2aa1b9

SHA1
c7813e3b98e03ca0d3415a8962a5ad3d4bd715ad

SHA256
34e232b5603c1e75834f7159b076447026217908ef9a44c328764c104bed6c73

SHA512
3a76ada8e20f07bddbdc2c74e20fa08e21d77cca15320247d691de60ffabd015c6887eabde43884e1c7eb5938ae74ab660f968f51e31bab1b24c47227dfc40ef

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
1315859ae77f7efccee561f8d769499b

SHA1
448aa07cf9e391751761af2d62704e781e566d5c

SHA256
caefabe455ceb223596c563044e5c27084065954be2563dc6589861ed24ebed5

SHA512
d94c96d06790043c8a8727c47759437ff65a1701b9d57554b0077018e96b7a3ebd6639c39d47e71879e2bfc5fb043b4ff523a27642ea1c4e53e54742b879f675

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
4bf0e0f982471d20607d7ca9fc4530a1

SHA1
3c46d8e5e9d1b05bcd7014db40badab34727ba6e

SHA256
08363b9da440279fb67be0fcf1ace0e9dfc962bac0a4f2cf14354355465decf7

SHA512
1a6612964aa0986476e53aa8bc9bf19cdacd18c77e7ceae20db62c65110a92c8608273760758deaebaf01217384a3376ce1e8a30a8c72c42891b4e86632c161a

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
e5b4093533c2147eebb197aaf4458991

SHA1
6ba76eb01c9c53d8a8a9cb1590ffc51dfc3456ca

SHA256
569368e70b627c2d6f8e3c13e79a855d345cdb7575e135a338e3574a627c5392

SHA512
464a9232cf7402688556607aa48ba10b82c65704d0265886a641b97aed09b37686f43c4a2dbeafb08ea54da534186300341bae4fc8a9e883ba4458f5fcf1d3c6

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
30a6abc9a281af4be57307eb40741874

SHA1
61a0e07a66396a6444a59d9a371ea645a1e05a5a

SHA256
648900a39840c9802d02d8920f49e0e183d15f9cd6dc74b6ca0a34d3882e72c2

SHA512
443acb7f07dac1fb1419b6930df44aa9f17751bb9074c25fefb7a8c9ba4552ce96b69636588c8656148fee47fbfd33ce9b2dd765e8a4143e3ddbd877a57ee921

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
8KB

MD5
25f5a327dd5a4920d634f59a4df4daae

SHA1
1c63bad8b2b9b2d039899eed2179d9e5549c5748

SHA256
fda273f96a075409c5344316ce5df216f8c6aaf7b1e2e58c43027d6b735daf8b

SHA512
52ddac568cd0ba89a501cbccf847f9d01b1e1006d53f9df46b823031ab2af3a448aafdb779d7607da4d89432c91e998244c467d9e55201363c22653df4c6aa2d

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
1c6f1aa1bb1edfc636b1db77d6aceb1c

SHA1
2c867a74eaf82681dfd5b4101c64370ffbf9e2e7

SHA256
28290b70669a3d63d0fe88ef587d7c1a4eb9d5cc8976dad1b601afbd7056732f

SHA512
016aabfcf133f73698107a120218d2ec908aafd3fa28b6eeba2148ed60663960ad4111c4f5a4e25c84ae1ac00d4a66367ebf7dc599507d784b9b5cd8948379b0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
9KB

MD5
caa5e4daeb2940b6d669577ab125d4bb

SHA1
60b47da296813d5c2cc4e4ee01c8923110ba0e9b

SHA256
bd8b23d230dc0afe79555ada81fb1e6402521168a9b510c6d8568686aeb9fc0a

SHA512
91dac2989d1c439131666b96ed33ac079bb0dceeca5a76df607782350695a0988bf4dc2422b0ba5ce6be0947ae1940fffd7de6b49f3a6d5f45d3585819147ccb

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
3f1c4b2c66bde4120512d428d2695f60

SHA1
d111ef7c6461241ac7649c7ab110917e414d3e10

SHA256
0271d1e3758e5730ad9e5ca511f3500a325bffd7a230bff0bdcc5274455bb9e0

SHA512
e7c4dcd99ab9e6d5dcd62db858c303380297f37e6c83ca7f097739d46e30215eb72f43f62157d64f7a26c9bd7c14a88ea7f5cf40afb4dcf943878759bf567468

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
48d22362d78a44978b30c14d34b7be27

SHA1
d2c254be0d069892cd061ea1729737ac199ef017

SHA256
6e9d405af6ecd37331037c533f6ebd42afbbbee9717c1ffd06f98f431628fe02

SHA512
76737fe2277c0002b88c31f4897b3fb35edc275c3ee74e8fd5fefc7adcdce9dda935a77b9d733a5c112db25becef0095569e3a17dc71542bc529f611e1c417fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
5e096ff224a2fb021382a85b40540a28

SHA1
f9357a59d27a54e30e6d0fa8d41338bf37e0388c

SHA256
67bb1334f285d7e1286baecf539aebe000d2ae146123dd8ef49f0ee29eeb0bde

SHA512
ddf07ccf7b34b5d24073dabeaa1fa336baf33d14f6108be3c2ee6a32a57bc4d1dd112c373358548a4577dafc3572a93da85356be04846ec832368960c156f39f

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
11KB

MD5
2fac0880c456d9f35d3a8c396da4cfe5

SHA1
a9a45688a685faf672b0cd31bf792b03e43b1b48

SHA256
71d5fc571cb5b02ed4c296f716f830f9d2c9bfc7cb4985385b50d160db4f3266

SHA512
b1cf5521026c23364d18de691400f19439a81937cc95431ceb208363000dfa17feeaec5739893e73184db5939c8ddfcd87f0fa28388b492c7f8981c417a5f87b

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
f7a35e0cf69980159ba0cf99abdb102c

SHA1
6af3f2ad8fe457ac13754317810bfc4190932e3b

SHA256
9064ad34910f2192aff351db52a1025fa57cfe834794d1498c02cc35ac36cc47

SHA512
3d79e08955ef1810e9eb18ab6577cc8f5ed837c70ef5257d6021d4fa0190d6de8406f42ffff95fd0f55ffdff3b4287fef8a7ce806713bb6feff8ac112775a3c5

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw

Filesize
10KB

MD5
cd5bce1866ff9943171a24f9213cedb2

SHA1
b1a7df3e937cfe45e2ded9114c9e31f6e1a75d42

SHA256
08a360f3fc396e0895524db2b25b624e156a2b9c505452bf82b7114f6d3105b8

SHA512
d5bfcb194b81c329bda3545fae0b3b7392941070c8f410fda98a88d46e03ba4acaff8870b65ff5aa5d3b26718f9d622996e4c4827f974a147f82ad950f87cd8e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw~RFe5e565b.TMP

Filesize
461B

MD5
410e59a78743261881f8ee61f89ddbc5

SHA1
853fd9fb733418616b7d5cc9e5dff670f8a594ae

SHA256
eef0539226e9f78c60f0154078d0147b4951865cf93af6ddfd8df356156d1a00

SHA512
6d0954eb6ac165548c61af3097692468c395f103bedc0a37e8a45e863e787e75488ec023e6c65994ba7ad6868682a735e88f37ee09faeaef37e735e6bbb3ff85

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\daily_wallpapers.json

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
62d514489691dbdf357516a90597b57a

SHA1
d371f66364fa13e7bab20c36cdea402a306fac43

SHA256
c5bafadad066c864960a89bb97b5aaaa8231c07992e7e71d14e845247b657d32

SHA512
e7460f48acb77cd2312749c68e8fee8706f9c576c5fe0e2dc9ee3ae1d97d3c231a3f19938114e41ae260662ec650c4deb8e6de8d092f1e4ffdcb89b73aed643c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
3KB

MD5
8a999aeb2fb7cdecf7358d8bf85c9825

SHA1
095e13f8ffddb346a2576629e75f2d9ba5039829

SHA256
42b462e4c3de1d9cc7cbfd1c7f625847a9085592f836fe0feff4692b65dff947

SHA512
0ea80839044c5b5ff2636f10aad7ac4416c8571232ff6383e28598c9f5e557e46c3053949f8019de7a492a71064cfbce3c11a7d81ab4036fb04711a1ccbcc001

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
595B

MD5
28126be1d225323353bf93dc3d9761ad

SHA1
4c982cca2dda0f7d85e23fb381483eb7ed7aa749

SHA256
d7aab21075e66d5e87613b313a79306ceaa77e86bb7a52259293b26fb4450f6a

SHA512
4f196b71c0c5e05eadc079054cea32f98ffae789371c374ae1366f15b7297684fa02b318b7419d8503a23e84283d8e6d414a7977a83c0e7652b7b07aee9f8276

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
688B

MD5
5981a33e4fb5bf5a6e6c696c1a18ce89

SHA1
7946f39a356768c86276434ab5eeb35b663b6829

SHA256
9955cee913c3bf3aa9afc3fec27b039057808852e713ae1f49946007e551470f

SHA512
2bad38829d15d1279594f5cb4da6e01661b2786b09c54a3b63e130744c73ff78847dac9ba88ca11069bbacaccd5af7b0cd479ef6b3ae37af35ecff2ced38be8c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
782B

MD5
db30790ac5f6f9603ff863d2ffa8f003

SHA1
b0a6a41f47306c658ba2dc48fc1ff2c323074f05

SHA256
5e57bfbb053654128d3c5a36c7f4a0d419896c7b91278bec692342c4d72dd710

SHA512
f5cc430903ecf24fc439c241c059abf10ab5cb3e5f84a0c5e61c5ee2e9c95295cbaa3c5b0c8d61a280016407be099845e9d6a9ddd35614ee8120102ac29dcaea

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
871B

MD5
7fa0e15f1a2af2b2d889d469a040626a

SHA1
fb820a6574469556b32311e0dfbf62393dae743b

SHA256
7360c177495e81bf44007cd582c8fa4b53bf98f05a95a5dc571609dd52c159df

SHA512
9d05f0c692243b817b66817e2f6901f9afc66a96d351bc760b708e9420fa90f51b6b939c9a230f537679314bbb70ee87cb8a7b31b0e8aa7d54b1398284def618

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
969B

MD5
701de4c762e27eeb957872bf4cc466ea

SHA1
22e59adc4dae38e57151fb939cae1784e5cd80ab

SHA256
bd0a057e57267e5637bcd15f1588f7f669229626eb4146f68fa643b2c2ea6065

SHA512
f853be51d9140ddf16a54449277a3d4c03e4d41b3a9da5d81c3b67501ba8efa5fe591fa12ef5e62878fb5e9e1a4057a13e2c78c6a02f83caa3ee2d0e46765549

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
ac64db514dd041b2277e2717b0b6c851

SHA1
7aa1bac9730a04b5eaa21f60bf1fffe7e3708820

SHA256
9e4d9471da9ac8ce2527c4f3b32d9b7f35ed53efc3d28193012312865e588157

SHA512
7cb631eb0086b4b113ed185c44142541da66cded684f7e100c9c4e970524b62c53ca32fa16f8287c09e505a41583697cd0e9c603546302a70c75ed971d11c3fd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
ef3389640995298c2c8a1cf37433755a

SHA1
f4392836413d9aa8a6e8295aa561c658aed2e33e

SHA256
af09bfabc93f353f4871b82a5834e2ca517f496a0abbe6d38a634df224da0f39

SHA512
85712adf6358daea342eef8cc05e6730b3044f799057a9db8771a6a8cbeefa219b549193868941142d54475f50a04690823b0064f513ca85557a2ecbefcaf71d

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
e37ed19527fde5a2ae8a403657ab8558

SHA1
f35d753359cff7682e05299f75988b23ae656945

SHA256
2c760ba9d46fa85fa2049e37ebe9035e88ae8de5ebf37faddda96a6af1ff2f78

SHA512
7817e3506752a99aadbaa02bf97439868aad36c4eaf119f44250efa00c70d72cba32591a7d0d77f20f7fcf191bd13ef9c9d5ab553e51ba3e09165b7d08e6dbcc

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
f083ddaeb8dee976149706adec72933d

SHA1
6726c08a5e9dc3307ce737eae16381d1aef151dd

SHA256
c48b400c2efef2394d37c3b913feb7bb6ba7751d9038baa526bc892c1fab5f40

SHA512
b075dae4792ccad9f178a87a612cab1a371d6bc25c0c3e3b28845b87f6b04d9194ee932b8a4400363f64fcc1056f030bc731010c4c09ddfb3dc77c8a4bba2d9d

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
a2287e534672efa021dadf28ce3f2d00

SHA1
830bbbc5bcb770f0c443430fcba5fe5d6b9e0a8c

SHA256
a455506f667f45baf3d9bd52aa5a9e6060f39e05fb16c72d2f2cb75b03073269

SHA512
e79a5e01c27591e1dcbe61ec4684ba46abf926b79f33d19e49ef0631cd3ffb4730f1123f4654958d946a909108e97f9312d425b720007bb5e9094ddd1b61181c

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
1KB

MD5
cd3ab425a044c6a9504268f9a9dcefe0

SHA1
94b751761f54837393cc4c98b16ea8e1726103b6

SHA256
46fda5ab0017065c9195a9c6a19d1fd9d5e75dd430ec64ff7632723458b83f4b

SHA512
8f74573e83b64fdd91ebd811d57bec898545623ae4edacdd4df8484800ae801f35bde2eebafbcd3a35b0e36df3f4d8ea38eafe4888b8d4127784a40b09b38709

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
2KB

MD5
9faa3dc73e3f3f9bc410bd908da6eb94

SHA1
8e75290f56de7465782905c91828c8150ef383e5

SHA256
b90521c8a6100c079d1917082bdd6fd95d8ad75d55c37d966921f784919a0740

SHA512
8356644f1be92168ff24bc295c3de754bb8746fb5cd461d7998558378e9b23c58e4395bdc92ab1ade39069fbfa9a0073c6acbd6150ab26e4804cca3c081291ce

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
3KB

MD5
5f123836dd6c3f7a06b21e5d7024a377

SHA1
3612f2f40c24bb00ada730a768b441fc21471780

SHA256
cbb1403c9990a859afc9c65af579747977d8995c87c3dd03dca814048c01bd69

SHA512
f2b2633c96b28bde8786d40e5c74c749b01bb58523bea600f2f34e579bdb2fe3cc8abcb774f969e84464536e33ce020c5c236e2616b50901b728b98bbdfedc56

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
3KB

MD5
0d523d33511d4d0da586995be16f7c5d

SHA1
dee3f5ee53af0df9daa68f016fd3846235a638e1

SHA256
1b6bf046cd474bdc95f81f15d44e4173f0ca5d085f8e95dfdeb912b3cb1183f3

SHA512
9c164203d049543872dc0ef4f8022ee99b66061eb842bbeaa1a11c2c19632e679e677598cce3a3bd3e012c8508ba529c4efdddbb39484646532a34e166818a66

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
3KB

MD5
c136a1eb1a5632b3770217a34b1e47a1

SHA1
8cd53efa3feaa72740271c494b685dc5294c28fd

SHA256
109e848ea80b8dc2242ddf5d980ff3c920dfd92302c23901c09812e0cea6c014

SHA512
8d90b6c51e2d1aa389eac8db6e7aa01623b6864c0035e2cec80464b16a9dab2ee2a18ef1583e0e38c011410c2216f7551c67384c1589084a656681344992f1dd

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
4KB

MD5
cced5d1b512cec38b484cf6347b4ff32

SHA1
29984d006ea50cbf9f86a8ff0e835f7c47eeb02e

SHA256
c5cc27082800b2404a0101d48bffda6b3f6f8470b82572eb4938bffaed5d5188

SHA512
f1018bcb84c7bfaa73c4dc98f0b2075b460396a21608082e0e9fcda19f40c6e6324afdb17bd56a1110e14b6806a836d6ba3f21442c6080701bfd55c6a5de2625

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
4KB

MD5
388e6e1a6c6cbeb31daf95a2fe00be55

SHA1
2e6a73864aa31da48dbfc0543f4e67f2cf23eebc

SHA256
80b6c0b823bbfe6a680fd675de32598ba8dbd657189ee2c1fac1b395151167d1

SHA512
e93f51bfae9b2eef848979c402db6243046098f48c2098d5d667c75d19795012402db8a1ac5b72eb6aa2d52f8c06e3f057ae827cd115d07ec7b91c630e81a0e0

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
4KB

MD5
fd28037904fad5a56134fa2b7bc3b189

SHA1
c6944c515936d610c422fee670064e22d6e7070f

SHA256
0703e40952f3778d4ff589e7a7e45d468e8479f6bf43f3ffa55d6b1d7746ee81

SHA512
c8482222ad3ee8e0046adf2d44c60f564cff0583c26e0f0ec2f0d282d04f3cd16a9d26ad01745ac6af1a2c2d464311a6e3e1003013ec66aa563a5defe1337061

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
4KB

MD5
6bfbc9a69732163ff54f469cc8d6dd82

SHA1
e9d8a8e57db5259e0737106209ca1a27d0a978f1

SHA256
00ddec35a7788796b5338493bdc03740d4b09f813fdb89d18c063f8f50cc667a

SHA512
a79ca2ffdc42ba2239b063354651eaf2911eec4657e769ee8096a7f68e485574db97c8e5b96f602a5357ea01f0f7e4de3540cd13a2188c1cb05cafb25857eaba

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280

Filesize
503B

MD5
60a6b29a5f19bbb44aac9bde3ecc7e57

SHA1
98461eb3bd78b34998b53c10cfd5be58db3ffbc7

SHA256
2843df26b772378be7b10681ac16141c1523edc24c0d829051315ec07c79dd91

SHA512
4d3e8ce62c3a60fc656a57f9cf2f90642d6b40815be1fd0728291f2294b344881a3ada8e74fbc4cd41832409ba83dc982341447e1682bfbaf38d1305fc5f0de1

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.0.1617480280~RFe5e5c08.TMP

Filesize
411B

MD5
e5c67b1d4e10398231f5535d08a7cea3

SHA1
fad121dc0a30a635d27a736ca35918d8194a733d

SHA256
86cdeced39fa591824fe33c793a36bd464c6ded818daa8afe500eeaf4573e76b

SHA512
8e1c20f5f33de721f058854e42cf1d6099035e4afb5587415a59787ec7ad7eac739735f0207ca4fdb75547203f46cfaff56a9495eecc87ebab60ccbf54fc63e4

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.1.1574953115

Filesize
200B

MD5
57db1eb8f4181aee907359c56b35acc2

SHA1
dbac895ea87a94746e6ddc072e66618b6ff23c7d

SHA256
3cd4e2d3185c27ad6ac1f9e264f24b1bcdf163e83b93a4ac5004b242c46bda0e

SHA512
f0603add0b5be80925e587684837ddea3f42b94b0bca54ee0e963b26d31d873fe21957e7ac3e2753f5cbb13aee5476c4b78ef6ce954c8b7a124a39c0196bbc39

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\ssdfp5480.1.1574953115~RFe5e60fa.TMP

Filesize
171B

MD5
38b4352cf2d4b7afb1c48b4fab315ec7

SHA1
5aee0c3c370a41f6a9a35ffb7e668dee3f76d39e

SHA256
9c1cdade7cf07cc976d040906566d822be12022f5d0954ec278065701e990fb6

SHA512
6cb32695fa19250c5a5a0e9920d388479e09d0be0850ac2953683dce41eddf9de712b8a4c4ee76125c391f1b348909f785dbf1228866fb8674ea766effe54d2d

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
672KB

MD5
05b754c0961dab26b760e3d0ba4bc1bc

SHA1
4410edc5bda1a84a43fa89ffb992987b45a72a73

SHA256
d0439531885aabfd4235f21303cd202f5dd60a0125251425cc2a6aced15d247b

SHA512
aa1028583e596e8122b50980847442038c88bbb5fb866654994564d26bc52a347bab739e17fbefd5838aec678f5f956a495b5206f8baa9549ff429593035eb8e

Download Submit
C:\Users\Admin\AppData\Roaming\d3d9x.dll

Filesize
501KB

MD5
5af55b00cbad7d894a5c912376e3c0a2

SHA1
fe01681dc3948e4e5ed1500faf25e9573292d182

SHA256
708a93551d961679e4efc9f317161f09f83571a503f4d1323f8c9992e78cccf0

SHA512
8df02f9c871dcc346245c019db361eb7df328aa7bf39fb056779ce09d7d64bafcf5e1310b5760f6b4a6c9bbaecaeed7aac8a911381254ffc76c4c6977efd08e7

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.1MB

MD5
ef66d6fc1de459e5bad6e655fafa967b

SHA1
a21f8150a8486e7ced283037e8f54a3ffa5f9ecc

SHA256
73e0ae15523cf23e7cf4219c99b8db492f92cf2e30cf9868d9ab5508cce2e6bf

SHA512
32bd721e2813beb7fed25f682159b62188b23a840f1df8f8fffa090b375c9fdd725fcfdb2f13f6bbdc63a166d24972b54d2b64f86e48a5c92e0b7edb2c0926b7

Download Submit
C:\Users\Admin\Downloads\granland.zip

Filesize
47.3MB

MD5
0e030446ee3397a69dc0bd97b9014df8

SHA1
bad8ea9d5bb6873e390a578af88ae3bb7ce0c94b

SHA256
eff72a8ffe1174944f98a82d0a490e5028311a3e9fc81fdd2fec40c719d5e701

SHA512
58ea029250a5177c86ba96ee372c34d16e7b20e06a8dc029f5d71a855a0439953740d492d6c56daae4305e7d459d1b17a3ebc1264dc49e63036aeda9d4ec29b9

Download Submit
C:\Users\Admin\Downloads\password - 4834 (1).txt.crdownload

Filesize
185B

MD5
f816ec8beb48c1987bcb0f93df03d5bb

SHA1
a70f71188d237de63b6ae99bd3010010e8eb8a7e

SHA256
a175ff3e44628d94ae9274edba19534f044a60e0fda70f4a02f656bfbcfb8ee3

SHA512
5a546e99ee3300cdfd9636973dc77924497bf3341be50dce206ec12e3676c0b6c481e43de1ee751b04c1496f211bcd00f8a373ed8739362d05f0343bbd98a7bf

Download Submit
memory/1008-2175-0x0000000007FF0000-0x000000000803C000-memory.dmp

Filesize
304KB

Download
memory/1008-2169-0x0000000004CC0000-0x0000000004D52000-memory.dmp

Filesize
584KB

Download
memory/1008-2176-0x0000000008C10000-0x0000000008C76000-memory.dmp

Filesize
408KB

Download
memory/1008-2166-0x0000000000710000-0x000000000078A000-memory.dmp

Filesize
488KB

Download
memory/1008-2174-0x0000000007E80000-0x0000000007EBC000-memory.dmp

Filesize
240KB

Download
memory/1008-2187-0x0000000009080000-0x000000000909E000-memory.dmp

Filesize
120KB

Download
memory/1008-2188-0x0000000009BB0000-0x0000000009D72000-memory.dmp

Filesize
1.8MB

Download
memory/1008-2173-0x0000000007E20000-0x0000000007E32000-memory.dmp

Filesize
72KB

Download
memory/1008-2172-0x0000000007EE0000-0x0000000007FEA000-memory.dmp

Filesize
1.0MB

Download
memory/1008-2171-0x0000000008380000-0x0000000008998000-memory.dmp

Filesize
6.1MB

Download
memory/1008-2170-0x0000000004CB0000-0x0000000004CBA000-memory.dmp

Filesize
40KB

Download
memory/1008-2189-0x000000000A2B0000-0x000000000A7DC000-memory.dmp

Filesize
5.2MB

Download
memory/1008-2168-0x00000000051D0000-0x0000000005774000-memory.dmp

Filesize
5.6MB

Download
memory/1008-2186-0x0000000009000000-0x0000000009076000-memory.dmp

Filesize
472KB

Download
memory/2132-2160-0x00000000003B0000-0x000000000045C000-memory.dmp

Filesize
688KB

Download
memory/2916-3077-0x000001C8F2FD0000-0x000001C8F370F000-memory.dmp

Filesize
7.2MB

Download
memory/3080-2346-0x00007FF9824A0000-0x00007FF9824A1000-memory.dmp

Filesize
4KB

Download
memory/3080-3070-0x000002100A6F0000-0x000002100AE2F000-memory.dmp

Filesize
7.2MB

Download
memory/3080-2347-0x00007FF9827A0000-0x00007FF9827A1000-memory.dmp

Filesize
4KB

Download
memory/3836-3358-0x0000018DBD230000-0x0000018DBD96F000-memory.dmp

Filesize
7.2MB

Download
memory/4924-3078-0x0000024A11F10000-0x0000024A1264F000-memory.dmp

Filesize
7.2MB

Download
memory/5104-3076-0x000001B45F170000-0x000001B45F8AF000-memory.dmp

Filesize
7.2MB

Download
memory/5476-3721-0x0000000000680000-0x0000000000712000-memory.dmp

Filesize
584KB

Download
memory/6720-3738-0x0000000000400000-0x0000000000452000-memory.dmp

Filesize
328KB

Download
memory/6720-5350-0x0000000006E30000-0x0000000006E80000-memory.dmp

Filesize
320KB

Download
memory/6720-3768-0x0000000005820000-0x000000000586C000-memory.dmp

Filesize
304KB

Download
memory/7856-5368-0x0000000007C60000-0x0000000007CAC000-memory.dmp

Filesize
304KB

Download