Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
485s -
max time network
490s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system -
submitted
11/08/2024, 08:51
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw
Resource
win10v2004-20240802-en
General
-
Target
https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw
Malware Config
Extracted
redline
185.196.9.26:6302
Signatures
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
RedLine payload 1 IoCs
resource yara_rule behavioral1/memory/6720-3738-0x0000000000400000-0x0000000000452000-memory.dmp family_redline -
Credentials from Password Stores: Credentials from Web Browsers 1 TTPs
Malicious Access or copy of Web Browser Credential store.
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 20 IoCs
Looks up country code configured in the registry, likely geofence.
description ioc Process Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe Key value queried \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\Control Panel\International\Geo\Nation opera.exe -
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
-
Executes dropped EXE 64 IoCs
pid Process 5224 OperaGXSetup.exe 1140 setup.exe 5168 setup.exe 5628 setup.exe 888 setup.exe 4288 setup.exe 5556 Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe 5792 assistant_installer.exe 5564 assistant_installer.exe 5296 installer.exe 6020 installer.exe 2476 opera.exe 2084 opera_crashreporter.exe 5480 opera.exe 764 opera_crashreporter.exe 1680 opera.exe 3816 opera.exe 5128 opera.exe 4924 opera.exe 3836 opera.exe 2916 opera.exe 5104 opera.exe 3080 opera.exe 4216 opera.exe 1448 opera_gx_splash.exe 3904 opera.exe 5540 opera.exe 1736 opera.exe 5148 opera.exe 5136 opera.exe 5628 opera.exe 5736 opera.exe 3812 opera.exe 4844 opera.exe 6032 opera.exe 4984 opera.exe 5188 opera.exe 2896 opera.exe 2908 opera.exe 6136 opera.exe 1632 opera.exe 1168 opera.exe 5808 opera_autoupdate.exe 5000 opera_autoupdate.exe 6164 opera_autoupdate.exe 6264 opera_autoupdate.exe 7516 installer.exe 6536 opera.exe 6560 opera.exe 6580 opera.exe 6596 opera.exe 6608 opera.exe 6620 opera.exe 6640 opera.exe 6672 opera.exe 6684 opera.exe 6696 opera.exe 6712 opera.exe 6724 opera.exe 6736 opera.exe 5228 opera.exe 6760 opera.exe 6772 opera.exe 7100 opera.exe -
Loads dropped DLL 64 IoCs
pid Process 1140 setup.exe 5168 setup.exe 5628 setup.exe 888 setup.exe 4288 setup.exe 2132 vodmorp.exe 5296 installer.exe 6020 installer.exe 2476 opera.exe 2476 opera.exe 5480 opera.exe 5480 opera.exe 1680 opera.exe 3816 opera.exe 1680 opera.exe 3816 opera.exe 1680 opera.exe 1680 opera.exe 1680 opera.exe 1680 opera.exe 1680 opera.exe 1680 opera.exe 5128 opera.exe 5128 opera.exe 2916 opera.exe 4924 opera.exe 3080 opera.exe 3080 opera.exe 2916 opera.exe 4216 opera.exe 4216 opera.exe 5104 opera.exe 3836 opera.exe 5104 opera.exe 3836 opera.exe 4924 opera.exe 3904 opera.exe 3904 opera.exe 5540 opera.exe 5540 opera.exe 1736 opera.exe 1736 opera.exe 5148 opera.exe 5136 opera.exe 5148 opera.exe 5136 opera.exe 5628 opera.exe 5736 opera.exe 5628 opera.exe 5736 opera.exe 3812 opera.exe 3812 opera.exe 5628 opera.exe 4844 opera.exe 5188 opera.exe 2896 opera.exe 5188 opera.exe 2896 opera.exe 6136 opera.exe 1632 opera.exe 6136 opera.exe 1632 opera.exe 1168 opera.exe 6032 opera.exe -
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Opera GX Stable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\opera.exe" opera.exe -
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 6 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: installer.exe File opened (read-only) \??\F: installer.exe File opened (read-only) \??\D: setup.exe File opened (read-only) \??\F: setup.exe File opened (read-only) \??\D: setup.exe -
Checks system information in the registry 2 TTPs 2 IoCs
System information is often read in order to detect sandboxing environments.
description ioc Process Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName opera.exe Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer opera.exe -
Suspicious use of SetThreadContext 6 IoCs
description pid Process procid_target PID 2132 set thread context of 1008 2132 vodmorp.exe 191 PID 5476 set thread context of 6720 5476 vodmorp v2.exe 266 PID 3812 set thread context of 7856 3812 vodmorp.exe 302 PID 6916 set thread context of 8056 6916 vodmorp.exe 305 PID 3988 set thread context of 4780 3988 vodmorp.exe 308 PID 3652 set thread context of 5888 3652 vodmorp v2.exe 311 -
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 22 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
description ioc Process Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language OperaGXSetup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp v2.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language DllHost.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language assistant_installer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp v2.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language setup.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language assistant_installer.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language MSBuild.exe Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language vodmorp.exe -
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
pid Process 6932 opera.exe 4972 opera.exe 5128 opera.exe 5736 opera.exe 6652 opera.exe 6560 opera.exe 7988 opera.exe 3852 opera.exe 7872 opera.exe 5332 opera.exe 6760 opera.exe 6736 opera.exe 6696 opera.exe 7840 opera.exe 8128 opera.exe 7728 opera.exe 4216 opera.exe 1684 opera.exe 396 opera.exe 3388 opera.exe 1680 opera.exe 5188 opera.exe 3080 opera.exe 6608 opera.exe 7468 opera.exe 7396 opera.exe 7092 opera.exe 4844 opera.exe 7028 opera.exe 7068 opera.exe 7088 opera.exe 3816 opera.exe 3812 opera.exe 2908 opera.exe 6032 opera.exe 6988 opera.exe 6532 opera.exe 3904 opera.exe 1168 opera.exe 5148 opera.exe 7788 opera.exe 6672 opera.exe 6188 opera.exe 3988 opera.exe 7804 opera.exe 2916 opera.exe 4924 opera.exe 1736 opera.exe 6684 opera.exe 7024 opera.exe 916 opera.exe 7532 opera.exe 5628 opera.exe 1632 opera.exe 7004 opera.exe 7100 opera.exe 5104 opera.exe 5540 opera.exe 6136 opera.exe 4984 opera.exe 6960 opera.exe 6976 opera.exe 7056 opera.exe 6724 opera.exe -
Enumerates system info in registry 2 TTPs 6 IoCs
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer msedge.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName msedge.exe Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS opera.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName opera.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer opera.exe -
Modifies registry class 64 IoCs
description ioc Process Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.gxanimations installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F} installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10 msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\URL Protocol installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Application installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open\command installer.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff msedge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000 msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload\OpenWithProgIDs\Opera GXStable = "0" installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID installer.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{BFA0CC0E-2904-423D-A03A-42C5F12CD208} opera_gx_splash.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable installer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xhtml\OpenWithProgIDs\Opera GXStable = "0" installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\112.0.5197.60\\notification_helper.exe" installer.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload installer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616257" msedge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000 msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec installer.exe Key created \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1302416131-1437503476-2806442725-1000\{40073DBB-ABE7-4249-A750-FA2A50762637} opera.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht\OpenWithProgIDs\Opera GXStable = "0" installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.gxanimations\OpenWithProgIDs installer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.html\OpenWithProgids\Opera GXStable = "0" installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.opdownload\OpenWithProgIDs installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht\OpenWithProgIDs installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 msedge.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1" msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48" msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\FriendlyTypeName = "Opera GX Web Document" installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\DefaultIcon installer.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.pdf\OpenWithProgids\Opera GXStable = "0" installer.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000014f5964d7e4da01323183aae0e4da0159e1c566ccebda0114000000 msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1" msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\opera.exe\" \"%1\"" installer.exe Set value (data) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202020202 msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Application\ installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\Topic installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe\shell installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\command installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU msedge.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xht installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Applications\opera.exe installer.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\WOW6432Node\CLSID\{8C63D4B8-CF89-4527-B10F-99914B6C207F}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Programs\\Opera GX\\112.0.5197.60\\notification_helper.exe\"" installer.exe Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "10" msedge.exe Set value (int) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\10\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3" msedge.exe Set value (str) \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Opera GXStable\shell\open\ddeexec\ installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.xhtml installer.exe Key created \REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\.shtml\OpenWithProgIDs installer.exe -
description ioc Process Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e setup.exe Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e setup.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 setup.exe -
NTFS ADS 1 IoCs
description ioc Process File opened for modification C:\Users\Admin\Downloads\Unconfirmed 700323.crdownload:SmartScreen msedge.exe -
Suspicious behavior: EnumeratesProcesses 64 IoCs
pid Process 1476 msedge.exe 1476 msedge.exe 4392 msedge.exe 4392 msedge.exe 4952 identity_helper.exe 4952 identity_helper.exe 5792 msedge.exe 5792 msedge.exe 5300 msedge.exe 5300 msedge.exe 5300 msedge.exe 5300 msedge.exe 6008 msedge.exe 6008 msedge.exe 1124 msedge.exe 1124 msedge.exe 5468 msedge.exe 5468 msedge.exe 5344 msedge.exe 5344 msedge.exe 4912 msedge.exe 4912 msedge.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 1008 MSBuild.exe 5480 opera.exe 5480 opera.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs
pid Process 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe -
Suspicious use of AdjustPrivilegeToken 64 IoCs
description pid Process Token: SeDebugPrivilege 1008 MSBuild.exe Token: SeBackupPrivilege 1008 MSBuild.exe Token: SeSecurityPrivilege 1008 MSBuild.exe Token: SeSecurityPrivilege 1008 MSBuild.exe Token: SeSecurityPrivilege 1008 MSBuild.exe Token: SeSecurityPrivilege 1008 MSBuild.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: 33 840 AUDIODG.EXE Token: SeIncBasePriorityPrivilege 840 AUDIODG.EXE Token: SeShutdownPrivilege 1448 opera_gx_splash.exe Token: SeCreatePagefilePrivilege 1448 opera_gx_splash.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeShutdownPrivilege 5480 opera.exe Token: SeCreatePagefilePrivilege 5480 opera.exe Token: SeDebugPrivilege 6720 MSBuild.exe Token: SeDebugPrivilege 7856 MSBuild.exe Token: SeBackupPrivilege 7856 MSBuild.exe Token: SeSecurityPrivilege 7856 MSBuild.exe Token: SeSecurityPrivilege 7856 MSBuild.exe Token: SeSecurityPrivilege 7856 MSBuild.exe Token: SeSecurityPrivilege 7856 MSBuild.exe Token: SeDebugPrivilege 8056 MSBuild.exe Token: SeBackupPrivilege 8056 MSBuild.exe Token: SeSecurityPrivilege 8056 MSBuild.exe Token: SeSecurityPrivilege 8056 MSBuild.exe Token: SeSecurityPrivilege 8056 MSBuild.exe Token: SeSecurityPrivilege 8056 MSBuild.exe Token: SeDebugPrivilege 4780 MSBuild.exe Token: SeBackupPrivilege 4780 MSBuild.exe Token: SeSecurityPrivilege 4780 MSBuild.exe -
Suspicious use of FindShellTrayWindow 64 IoCs
pid Process 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe -
Suspicious use of SendNotifyMessage 50 IoCs
pid Process 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 4392 msedge.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe 5480 opera.exe -
Suspicious use of SetWindowsHookEx 64 IoCs
pid Process 1140 setup.exe 5344 msedge.exe 5296 installer.exe 5296 installer.exe 5252 DllHost.exe 5252 DllHost.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5252 DllHost.exe 5252 DllHost.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe 5296 installer.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 4392 wrote to memory of 4220 4392 msedge.exe 85 PID 4392 wrote to memory of 4220 4392 msedge.exe 85 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 4396 4392 msedge.exe 86 PID 4392 wrote to memory of 1476 4392 msedge.exe 87 PID 4392 wrote to memory of 1476 4392 msedge.exe 87 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 PID 4392 wrote to memory of 3220 4392 msedge.exe 88 -
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqa1RFM2MtR21uQnVlYWdHZUxaaWNqX0k4MVp5d3xBQ3Jtc0trb01tVTg0UUNKeXdqNkV5enNGM2htOXNlVVNOMWZVSTZRTnR4WHYxR3hrR2RQMzBUWFhwN0UyU0R0bjQ4b1FvSkd4SFZJX3pfdVFpTHZGSTZMMWc5WkhVWDNjZFd1ZEEtQk1xUDc0WWM4NlB3eGpMcw&q=https%3A%2F%2Fwww.mediafire.com%2Ffolder%2Fmvhbku3oxuunj%2Fexecutor&v=LkF2reM7IOw1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4392 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff974ed46f8,0x7ff974ed4708,0x7ff974ed47182⤵PID:4220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:22⤵PID:4396
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:1476
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:82⤵PID:3220
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵PID:4972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:12⤵PID:5036
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:82⤵PID:1556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:12⤵PID:4732
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:12⤵PID:2292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:12⤵PID:32
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:12⤵PID:1804
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:1872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:12⤵PID:2564
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵PID:1972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:12⤵PID:1776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:12⤵PID:3984
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵PID:5556
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:12⤵PID:5872
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6912 /prefetch:12⤵PID:2572
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:12⤵PID:6072
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:12⤵PID:4496
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6744 /prefetch:82⤵PID:5304
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:12⤵PID:5296
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8024 /prefetch:82⤵PID:384
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7784 /prefetch:82⤵PID:2836
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5260 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5792
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:82⤵PID:3532
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8132 /prefetch:82⤵PID:3652
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5960 /prefetch:82⤵PID:5928
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7628 /prefetch:82⤵PID:3292
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3064 /prefetch:82⤵PID:5936
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=8004 /prefetch:82⤵PID:5916
-
-
C:\Users\Admin\Downloads\OperaGXSetup.exe"C:\Users\Admin\Downloads\OperaGXSetup.exe"2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5224 -
C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --server-tracking-blob=MDBiMDVmNmZkM2RmM2UxMDJjNjQyODhjZjliZmYyYmYyNTY4MzA2MDliOWE4ZjBhZjA0MWQ2MDI1OTUyMDQ3NDp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwidGltZXN0YW1wIjoiMTcyMzM2NjM0OC45ODM1IiwidXNlcmFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzkyLjAuNDUxNS4xMzEgU2FmYXJpLzUzNy4zNiBFZGcvOTIuMC45MDIuNjciLCJ1dG0iOnsiY2FtcGFpZ24iOiJQV05fR0JfWFZSX1dFQl8yOTIzIiwiY29udGVudCI6IjI5MjNfYzI1YmUyMmUtYWMzNS00YmJhLWEyYjgtMjEyZjAxMDM0ZDI2IiwiaWQiOiJkMGIyNGZjMzZjMDk0ZGU5ODZmN2E5MWZkZGM5OTI0YyIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiJmNGE2Mjk1Yi0xOGMyLTRkNjgtYjRjOC0yNGU0NmQ1ZGViN2IifQ==3⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
PID:1140 -
C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x330,0x334,0x338,0x308,0x33c,0x74271b54,0x74271b60,0x74271b6c4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5168
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version4⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5628
-
-
C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe"C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1140 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20240811085252" --session-guid=14d48508-fb51-4a98-aabd-732485160124 --server-tracking-blob=MmQ5MTlkNzg4ZGQyMGU4NzgwNzIxMzg5YmM3NTI0MjViMDM1YzUyMTA1NjA5MzM1NDMxOWVlN2M2MTQ5MjAwODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzIzMzY2MzQ4Ljk4MzUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfV0VCXzI5MjMiLCJjb250ZW50IjoiMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYiLCJpZCI6ImQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY0YTYyOTViLTE4YzItNGQ2OC1iNGM4LTI0ZTQ2ZDVkZWI3YiJ9 --desktopshortcut=1 --wait-for-package --initial-proc-handle=58090000000000004⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
PID:888 -
C:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exeC:\Users\Admin\AppData\Local\Temp\7zS8649FA88\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x320,0x324,0x328,0x2fc,0x32c,0x71ae1b54,0x71ae1b60,0x71ae1b6c5⤵
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4288
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --backend --initial-pid=1140 --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --package-dir="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521" --session-guid=14d48508-fb51-4a98-aabd-732485160124 --server-tracking-blob=MmQ5MTlkNzg4ZGQyMGU4NzgwNzIxMzg5YmM3NTI0MjViMDM1YzUyMTA1NjA5MzM1NDMxOWVlN2M2MTQ5MjAwODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6eyJuYW1lIjoib3BlcmFfZ3gifSwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9YVlJfV0VCXzI5MjMmZWRpdGlvbj1zdGQtMiZ1dG1fY29udGVudD0yOTIzX2MyNWJlMjJlLWFjMzUtNGJiYS1hMmI4LTIxMmYwMTAzNGQyNiZ1dG1faWQ9ZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMmaHR0cF9yZWZlcnJlcj1odHRwcyUzQSUyRiUyRnd3dy5vcGVyYS5jb20lMkZneCUzRnV0bV9jb250ZW50JTNEMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYlMjZ1dG1fc291cmNlJTNEUFdOZ2FtZXMlMjZ1dG1fbWVkaXVtJTNEcGElMjZ1dG1fY2FtcGFpZ24lM0RQV05fR0JfWFZSX1dFQl8yOTIzJTI2dXRtX2lkJTNEZDBiMjRmYzM2YzA5NGRlOTg2ZjdhOTFmZGRjOTkyNGMlMjZlZGl0aW9uJTNEc3RkLTImdXRtX3NpdGU9b3BlcmFfY29tJnV0bV9sYXN0cGFnZT1vcGVyYS5jb20lMkYmdXRtX2lkPWQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjJmRsX3Rva2VuPTc3MDMxOTMxIiwic3lzdGVtIjp7InBsYXRmb3JtIjp7ImFyY2giOiJ4ODZfNjQiLCJvcHN5cyI6IldpbmRvd3MiLCJvcHN5cy12ZXJzaW9uIjoiMTAiLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNzIzMzY2MzQ4Ljk4MzUiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9YVlJfV0VCXzI5MjMiLCJjb250ZW50IjoiMjkyM19jMjViZTIyZS1hYzM1LTRiYmEtYTJiOC0yMTJmMDEwMzRkMjYiLCJpZCI6ImQwYjI0ZmMzNmMwOTRkZTk4NmY3YTkxZmRkYzk5MjRjIiwibGFzdHBhZ2UiOiJvcGVyYS5jb20vIiwibWVkaXVtIjoicGEiLCJzaXRlIjoib3BlcmFfY29tIiwic291cmNlIjoiUFdOZ2FtZXMifSwidXVpZCI6ImY0YTYyOTViLTE4YzItNGQ2OC1iNGM4LTI0ZTQ2ZDVkZWI3YiJ9 --desktopshortcut=1 --install-subfolder=112.0.5197.605⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies registry class
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5296 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x7ff9662cee10,0x7ff9662cee1c,0x7ff9662cee286⤵
- Executes dropped EXE
- Loads dropped DLL
PID:6020
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2476 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x1f8,0x1fc,0x200,0x1f4,0x204,0x7ff953303190,0x7ff9533031a0,0x7ff9533031b07⤵
- Executes dropped EXE
PID:2084
-
-
-
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5556
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe" --version4⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5792 -
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xed4f48,0xed4f58,0xed4f645⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5564
-
-
-
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:12⤵PID:6132
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8064 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5300
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6820 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:6008
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:1560
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:12⤵PID:5816
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2452 /prefetch:12⤵PID:5644
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:12⤵PID:6108
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:12⤵PID:1824
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3532 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:1124
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8912 /prefetch:12⤵PID:5576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:12⤵PID:1716
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1368 /prefetch:12⤵PID:3212
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9068 /prefetch:12⤵PID:5364
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8896 /prefetch:12⤵PID:1468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:12⤵PID:5392
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6692 /prefetch:12⤵PID:2680
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8868 /prefetch:82⤵PID:5852
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:12⤵PID:4004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9120 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:5468
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6832 /prefetch:12⤵PID:5500
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7792 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8156 /prefetch:12⤵PID:2624
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9168 /prefetch:12⤵PID:4004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2108,5500166927261208179,1380923839809645598,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6608 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4912
-
-
C:\Windows\system32\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\password - 4834 (2).txt2⤵PID:336
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:5084
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:1752
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:4020
-
C:\Windows\system32\svchost.exeC:\Windows\system32\svchost.exe -k LocalService -p -s fdPHost1⤵PID:4064
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x30c 0x4c41⤵
- Suspicious use of AdjustPrivilegeToken
PID:840
-
C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:2132 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1008
-
-
C:\Windows\SysWOW64\DllHost.exeC:\Windows\SysWOW64\DllHost.exe /Processid:{60A90A2F-858D-42AF-8929-82BE9D99E8A1}1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5252
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --start-maximized --lowered-browser1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
- Checks system information in the registry
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:5480 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_crashreporter.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x1f8,0x1fc,0x200,0x1f4,0x204,0x7ff953303190,0x7ff9533031a0,0x7ff9533031b02⤵
- Executes dropped EXE
PID:764
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=gpu-process --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1868,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=1864 /prefetch:22⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:1680
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-quic --start-stack-profiler --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2124,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2136 /prefetch:32⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:3816
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=2316,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=2408 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5128
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3204,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3068 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5104
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3208,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3272 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:4924
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3224,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3836
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3244,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:2916
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3252,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3620 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:3080
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3732,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3744 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:4216
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_gx_splash.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\opera_gx_splash.exe" --instance-name=0603c28fa4a788d681a330bade7a12732⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:1448
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4224,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4252 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:3904
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4492,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4512 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5540
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4712,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4708 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:1736
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4860,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4872 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5148
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Asus --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4904,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5024 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5136
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Corsair --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4912,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5040 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5628
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Logitech --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4924,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5420 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:5736
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=opera.lights.mojom.Razer --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4896,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5428 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:3812
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=5648,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:4844
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5968,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:6032
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5336,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:4984
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6384,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6580 /prefetch:82⤵
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
- Modifies registry class
PID:5188
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6652,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6776 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
PID:2896
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6896,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:2908
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=7100,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7080 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:6136
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=7028,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7240 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:1632
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=7228,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7328 /prefetch:22⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Network Configuration Discovery: Internet Connection Discovery
PID:1168
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --enableipv6 --bypasslauncher --user-data-dir="C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" --pipeid=oauc_pipebbf75761f34e48ef16427d916ed763c82⤵
- Executes dropped EXE
PID:5808 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x24c,0x250,0x254,0x228,0x258,0x7ff78bac9a0c,0x7ff78bac9a18,0x7ff78bac9a283⤵
- Executes dropped EXE
PID:5000
-
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --fix-taskbar-pins2⤵
- Executes dropped EXE
PID:7516 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\112.0.5197.60\installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x27c,0x280,0x284,0x258,0x288,0x7ff96007ee10,0x7ff96007ee1c,0x7ff96007ee283⤵PID:7248
-
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7648,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6372 /prefetch:82⤵
- Executes dropped EXE
PID:6536
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7640,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3372 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6560
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3480 /prefetch:82⤵
- Executes dropped EXE
PID:6580
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7632,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=3604 /prefetch:82⤵
- Executes dropped EXE
PID:6596
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7628,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5860 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6608
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7652,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6264 /prefetch:82⤵
- Executes dropped EXE
PID:6620
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=5468,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5928 /prefetch:82⤵
- Executes dropped EXE
PID:6640
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=6920,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8332 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:6652
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=7256,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8356 /prefetch:12⤵
- Checks computer location settings
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6672
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8016,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8500 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6684
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8024,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8644 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6696
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6584,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8768 /prefetch:82⤵
- Executes dropped EXE
PID:6712
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=9016,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9012 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6724
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8044,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9064 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6736
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6308,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9328 /prefetch:82⤵
- Executes dropped EXE
PID:5228
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7984,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9484 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:6760
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8032,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9612 /prefetch:82⤵
- Executes dropped EXE
PID:6772
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9660 /prefetch:82⤵
- Executes dropped EXE
- System Network Configuration Discovery: Internet Connection Discovery
PID:7100
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6620,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9808 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7088
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=10052,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=9956 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7068
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=8008,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10224 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:7056
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=4856,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10256 /prefetch:82⤵PID:7044
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8056,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10384 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7028
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8104,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10556 /prefetch:82⤵PID:7016
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8068,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10700 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7004
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8136,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=10968 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6988
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8140,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11096 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6976
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8180,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11132 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6960
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11472,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6344 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7788
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6448,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:82⤵PID:6796
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12348,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12652 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7024
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=3324,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11388 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:916
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12868,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12716 /prefetch:82⤵PID:7652
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12816,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=7916 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7468
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12788,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12764 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7840
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12972,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12392 /prefetch:82⤵PID:7972
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12976,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12984 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7988
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12804,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12280 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:8128
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13196,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=13188 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:1684
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12356,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12452 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:3988
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13208,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=8664 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:3852
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --field-trial-handle=8892,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=4916 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:7728
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8164,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5908 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7804
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8960,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12612 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6932
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11972,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11964 /prefetch:82⤵PID:2116
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11968,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11956 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7396
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11640,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11616 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:6188
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=7920,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11632 /prefetch:82⤵PID:6820
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=11636,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6232 /prefetch:82⤵PID:4724
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=6220,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12244 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7532
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12112,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=5844 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:3388
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=13164,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=13108 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:396
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --field-trial-handle=12880,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12808 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:4972
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=9068,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12844 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7092
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=12256,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=12756 /prefetch:82⤵
- System Network Configuration Discovery: Internet Connection Discovery
PID:7872
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --field-trial-handle=6544,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6132 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:5332
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --enable-quic --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --field-trial-handle=8096,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=6472 /prefetch:82⤵PID:7716
-
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\opera.exe" --type=renderer --extension-process --user-agent="Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36 OPR/112.0.0.0 (Edition std-2)" --with-feature:cashback-assistant=on --with-feature:address-bar-dropdown-autocompleted-domains=off --with-feature:address-bar-dropdown-unfiltered-full=off --with-feature:amazon-new-ids=on --with-feature:cashback-assistant=on --with-feature:continue-on-booking=on --with-feature:continue-on-shopping-via-amp=off --with-feature:continue-shopping=on --with-feature:continue-shopping-2=on --with-feature:continue-shopping-5=on --with-feature:continue-shopping-structured-partners=on --with-feature:feature-remote-disable-updates-testing-flag=off --with-feature:feature-remote-updates-testing-flag=on --with-feature:game-servers=off --with-feature:gx-post-mortem=on --with-feature:gx-reactinator=on --with-feature:gx-spotlight=on --with-feature:gx-video-to-phone=on --with-feature:lucid-mode-hide-text=on --with-feature:panic-button=on --with-feature:password-generator=off --with-feature:play-again=on --with-feature:run-at-startup-default=on --with-feature:sd-suggestions-external=on --with-feature:session-restore-attribution=on --with-feature:side-profiles=on --with-feature:sitecheck-age=on --with-feature:tiktok-panel=on --with-feature:ui-compositor-multithreaded=on --with-feature:installer-experiment-test=off --with-feature:installer-bypass-launcher=on --ab_tests=GXCTest50-test:DNA-99214_GXCTest50 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --field-trial-handle=11952,i,3186541691011722046,7267277445583062939,262144 --disable-features=CertificateTransparencyAskBeforeEnabling --variations-seed-version --mojo-platform-channel-handle=11848 /prefetch:22⤵
- Checks computer location settings
- System Network Configuration Discovery: Internet Connection Discovery
PID:6532
-
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵PID:7404
-
C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --scheduledtask --bypasslauncher --requesttype=automatic --scheduledtask --enableipv6 --bypasslauncher --pipeid=oauc_task_pipec12dca2c6d0f4844aad7502765c893291⤵
- Executes dropped EXE
PID:6164 -
C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe"C:\Users\Admin\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win64 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.60 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff78bac9a0c,0x7ff78bac9a18,0x7ff78bac9a282⤵
- Executes dropped EXE
PID:6264
-
-
C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\9B44A87EC5AC\installer.exe" --version2⤵PID:6792
-
-
C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp v2.exe"C:\Users\Admin\AppData\Local\Temp\Temp1_granland.zip\granland\vodmorp v2.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:5476 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:6720
-
-
C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3812 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:7856
-
-
C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:6916 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:8056
-
-
C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"C:\Users\Admin\Downloads\granland\granland\vodmorp.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3988 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
PID:4780
-
-
C:\Users\Admin\Downloads\granland\granland\vodmorp v2.exe"C:\Users\Admin\Downloads\granland\granland\vodmorp v2.exe"1⤵
- Suspicious use of SetThreadContext
- System Location Discovery: System Language Discovery
PID:3652 -
C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"2⤵
- System Location Discovery: System Language Discovery
PID:5888
-
Network
MITRE ATT&CK Enterprise v15
Persistence
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Privilege Escalation
Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Event Triggered Execution
1Component Object Model Hijacking
1Defense Evasion
Modify Registry
2Subvert Trust Controls
1Install Root Certificate
1Credential Access
Credentials from Password Stores
1Credentials from Web Browsers
1Unsecured Credentials
2Credentials In Files
2Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize471B
MD58358092757b62f879cf39dc9274894ca
SHA1e7068d70468359feb00884ba5e860b057762903e
SHA256d72b634cd47262cf36febd296ba48f3f984f972da03116c3c0c16e94b7f5738e
SHA512b46b91602490518f7c1e2517fc133c3a25408a635a06861753d89428c4e155ed48a216353af132e2989e4bfe6c79538cc17d669eee11cb2acd9dc6a01dc5e833
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
Filesize727B
MD5f1e180eefd825535a1f0e17d3cd63674
SHA15648d7a9b87abe0b24696962fd7a232f43b946ad
SHA256a2e4c97ef9fc4a9fe8ac8b8b815004c9bc7a4886ead24138057cfca7276156f4
SHA512c9e835e181359d1972261798b7cabdfdaa5cb32db6958e22c66eab75fe081e171d7923d1ad1565a22fbefa3b9885d7154418357d52dbdf19442db709aa7f5e78
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize727B
MD5450a20c7cd4725091e05210dcede2adc
SHA19c366f918cf35c368b1ed96ae81b1802c7e62dcf
SHA256053aba9b5b9f5674d7cb90a5b1c16fd23e0dbbd3555de12cc09700cd038010e2
SHA512b09294e63a634f43892adcb6a58b7f7d084024ff35b9d82d58563bfb674d647d61700ca33fec5c1414eac9f2c13dd1e6d77cac189bff05b375e45262dccb6b6f
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB
Filesize400B
MD56db45199949f28cf62726aca853028bf
SHA1f9d56ae0361fcb75dfea0859d856ee9d02c79a61
SHA256889ffb3658e28c3ed009fd32a230b260dd30bc19b811022e83c28f047148ee6f
SHA5123dd1cb9b75ce5d05dad2aab292196fda719814120436aeea67acf66af219e88bddc1ac41b8c35a616207bbcab39cdbaa1849ed5a3d0519ec88e766b81be84b7e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E
Filesize404B
MD5a33e0211088a8cf11dcd9ca369940e02
SHA106a48780f610c1abf22ca469b00cb3e14f8d2514
SHA2564e461217569ad01df148fa4b4526c8a612cabb7493473f64fee8d1c15bca0682
SHA512c2ff03cb96b11a4abe20cf4b661e6777ce36490e037f2f9eb51f3be8b400930593b92b7e154d000f59803e90765a2129f0d0b2f18edc9bdaa465f4dfaf71d0f7
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
Filesize412B
MD5dff9c984b908f19060138f322d97650e
SHA1f92fe72052bd07cf63361caa804d26a09cde9f51
SHA25603ab6c24e38818c2a4112f90d72528e7716785eaaf5c0f6ec406002498d5a55f
SHA512456fd25cf9af2a18cfd451b20b189a943713c9b6c56bd42dfbea77bee2b8b8fb34b45e1aaaa999efd91fbce8f0be2cb51a0955d0c077e2e7c033f471cc3c8cce
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419
Filesize412B
MD57ff35c17b4b81f35d36b3ee8796e6283
SHA10b26f3e3cb3839199a598df29baeca2c360c4430
SHA256145c4c994007c71b27256b69db3d68e212e9ed90f2516ed2aaf575f7423cc9dc
SHA5126662b0cffc9448d2a67e917085c830aebbac852bd6bfca32fc36f0e6ce0760e1d7853ec872a1dddf3e9603b437fdade5304e606c62972c0043d9d1f57eaa3031
-
Filesize
152B
MD5f9664c896e19205022c094d725f820b6
SHA1f8f1baf648df755ba64b412d512446baf88c0184
SHA2567121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e
SHA5123fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae
-
Filesize
152B
MD5847d47008dbea51cb1732d54861ba9c9
SHA1f2099242027dccb88d6f05760b57f7c89d926c0d
SHA25610292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1
SHA512bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f031510-f235-49d6-b208-54f7590bbb0e.tmp
Filesize12KB
MD52f0fc21b682c0c58c59ba4fed967b751
SHA14a19aa710287442d35623eaf5afdcf4b00555221
SHA256626d80d70315370f1d2de407d310440b1944d824a94eb6bd316ba6fe3860c120
SHA512d198c14a00aa963a60f233c1c30986bc04bfd564be500c6ee996349910bf5092039c05fe71feb36fe79359d7de2d8bfe2635205fcf4d5facf0f808e003fa4795
-
Filesize
51KB
MD55a7091bb1c4982bde3f9d3901587c11a
SHA12c990a8d38797d5dbcb8322219fc9d828aeeff29
SHA25641c8fb1312e45d8c38f20cce6e9b922f39ad22728366566aa135bfca41e8e725
SHA5121a8628e84210a47deb5d626d0f3c3ae39113e72a71df7ef90c6bcf857cff336248bc2a07a3b9be4cc66bf90587636dd34213eab52ac27d273c74c6005b3f7e4c
-
Filesize
42KB
MD5c18ac29cb1e1afeda67dcee7b8fa497f
SHA12e2fca9619705de092131991d0129594aea866e2
SHA256f5f3e3e947878d45fefe0b0a2f895a13010d3121eba5e9d07bd1d79e01ddc3a0
SHA5125dcae0c20e115715b382792e9b6293e644d44b644dad8a2960a9815beca0ba1ff2697118d282580c473643f97442b61380bd59a5ff92eb50bad11e96dc81a48c
-
Filesize
71KB
MD527dea77095206c9648b3bd235a71eb87
SHA122ed7e82c7ec8adf40e4c75fc82efe1562e6e541
SHA25609c5ee7cec8b9e8dbd7e8922bd001538776433b607058c8de389009cd95cdf1f
SHA5120a00bd2c2199622cec0d871b4571cd52ff02e2365386b99132184a898f5e744474baa7ec5259591e077f36eaa11f363f335aae452f73dfe92c5d741a53d7c05e
-
Filesize
83KB
MD5e1a619dd21d4a5734f261b28aefb3ad0
SHA120b42c0d579b10561fa12f7f1a89e30b050883cf
SHA25618fcaaea521bc3918e08df85211b453a8db292ed40ca6c40f2cf44be1cc27b49
SHA5120cc35722fb02203f8fc314e76cfcfe49f5a0d4586d25c8ca5b0ec50ed703eb9675f0fc030e65ac9180a97dba9258c447063cc72d66acae577164a8702a5baa1d
-
Filesize
210KB
MD548d2860dd3168b6f06a4f27c6791bcaa
SHA1f5f803efed91cd45a36c3d6acdffaaf0e863bf8c
SHA25604d7bf7a6586ef00516bdb3f7b96c65e0b9c6b940f4b145121ed00f6116bbb77
SHA512172da615b5b97a0c17f80ddd8d7406e278cd26afd1eb45a052cde0cb55b92febe49773b1e02cf9e9adca2f34abbaa6d7b83eaad4e08c828ef4bf26f23b95584e
-
Filesize
21KB
MD5660c3b546f2a131de50b69b91f26c636
SHA170f80e7f10e1dd9180efe191ce92d28296ec9035
SHA256fd91362b7111a0dcc85ef6bd9bc776881c7428f8631d5a32725711dce678bff9
SHA5126be1e881fbb4a112440883aecb232c1afc28d0f247276ef3285b17b925ea0a5d3bac8eac6db906fc6ac64a4192dd740f5743ba62ba36d8204ff3e8669b123db2
-
Filesize
108KB
MD5ee6ed6a06919eebb03298592f65039ff
SHA11e68a260c2da0454164ef4c661364c47cb358d0a
SHA2563593226c57f4917096874fbd89bada5d4c0fda78275f8d2c635035d725ed8946
SHA5129d4e1f5ae577587095e99ccc2ccea7f47e9296b88990fdb6e423058c4d35c103444af2e074cb1a5a7189c39f28507101408c5a7b8fb160664995f7bbd2110cb8
-
Filesize
71KB
MD55009de30b5dcbc412f164684b0fa7be8
SHA17ac8b15e248af2258ae74370ea9634e035c94d40
SHA25661ce8e16e0dfdaa55dddd2aea78bb3af234efcd3da0a6f306f09a6bd49a94e4e
SHA512246edc05089c1efd782c17ff852283294757e157545592b4e452945bd8d73d91bb0a812fa40fce104c3cf6ef443f5f413bf08adfc889cb92794c5c33ab709715
-
Filesize
18KB
MD55b05c1892ef061103f9261eed226d18a
SHA167dd2c1f7b30dc8f168824de806690c8c9a56c03
SHA256523f1da16cba73874fabe71437f268ab798c8bfdfd2bc48aceb38b1beb84b4c9
SHA5129721c47a81ba89567f32ea72f2ab870c77862a93258bf249a6993344aa6c711496e7c275594bc0704362e9e2ccb5274be207fcc5bf6c354c84c0e5adce6da3a5
-
Filesize
42KB
MD55fb688e9706c7a8ed06b9116562e92a3
SHA1c8407911463e5a0b3922f2897b8eff39e5bce991
SHA2563784eb62c70f2a03cbbd9467b0c997fdb1e3ab279a1ca0bcacd85580be308a25
SHA512b759ff970b22c1b565e0443bf26b413efd6576f09e216caa2be61dabad512bbc4809e7ca8cac37ce95b66a9122755da09235eb041c858d80bcf5c270cea57982
-
Filesize
36KB
MD5265de96d25dcd5db3f1b208beea2fa31
SHA1508d86b66d8c2828b8dc1c09b8c55c0760eff04a
SHA2567cc0d250dff99f4b003c15d1cab767a6339f739ea0b84ce5233f90614bcdf470
SHA5120081d6285df8e9bc9d28eb1bb340fd47f5a0e33b050dcd100c25a3db68524f5016e4fa15e4ea8cafd0ec725f781f9d03ff39ed5cad3065f05df73ec42f87aa45
-
Filesize
16KB
MD5e6c49d75229345fa60077f9602728408
SHA18f3d3afbfbc17690e5baff9f108a34ed73d0280e
SHA256829ed2913a69d844de51d39f0def959a9c040f5b3eeb1bf593f7ea42334e7da7
SHA512afa93a62ab1c2cf273f960aeffbd98f3e8f183004884dff96ef474f0ae29ed2e943c73566eb8d05d70f1bd9c12aa020077700aee07c6a57eeb6f6b3f7aac2344
-
Filesize
200KB
MD5f6504f8bec86212dbe3e1b19bf842bde
SHA140b5239d845b3123540acfc77af8273a80df74e7
SHA256b25f2bd14e56585a4a597c65553c84cf9e45756c2ecb364dc9eccfe68627da9c
SHA512662a38b7cc4fc3eaed20643adf2a435aa5df92d61a3191fa23ff3ef1191ca04b6fd6226fa09f55bc1e1eda66baf05ba94cd061b40769ce65a627138a8564b45b
-
Filesize
22KB
MD5d17ab3aff0d966473533740be6b40946
SHA10fc31ae5802200d696ae8eb77d7f1b4e19d90efa
SHA2569b8560a698941ccb7d57426ed5ab016fd4103b99285ca5305b40464d982bdbf8
SHA512f5164e69da2ecbd94369b4f5d83c9bb0de149cb215a636d7080c01af0cf4ae240939f2718db0afd2d277101fbb0f89669e82e33ab9e4194935fda11d64b0e764
-
Filesize
54KB
MD5374a181ef5b97e4244c5ecc4c26949d8
SHA1583d365409ecb523c9a0c67a83942a113a63553a
SHA25615eea16423dc22889815a20f41a89df2720235d6f9f030cd3e37c6e0e7bda046
SHA5122975b75b1fe22db9b31a36aea91d6564c5b5ba437b1a67442e5e693c9c5be25bd176adef16b0356dcc1fd62985ce54bc6d8a948a83adc867fb95626c632c950d
-
Filesize
31KB
MD52ddd72850aad734df7efab530d9a58c7
SHA1c08f8ef118a8fe67cf885bf95a5e06071ea3b313
SHA256b7a4aeb69c011be9ae0e8ee11d0722fbbafeab7e8e2f5bdb1711c7c9ec6f21dc
SHA51210c8a0dc3babce43d927fa229383c9f7d79b2015639af10ea7413e434a4899f86d22e9c9224841f73de90a61c1bac7db99bfa0b198a3280a6fe9328fbdc8c769
-
Filesize
51KB
MD58237d91cf9dfc6ce83cfb7588baefeb7
SHA10d950cddd66d3ace9e8f937041c6217f9da75089
SHA256644414b8ba6747f657c5cf5d12335fd6b34fd249b04771e2b2d023bad64ea1e3
SHA512f3d6dd1f3d84ddf9936e6a8ae808ee3d09b5f0d5b7592949150b7a1ac8157f651ace88b3427cc0cf3762536bb6b0be55498af43172506a18159c422ad3993de9
-
Filesize
76KB
MD5bee475ccb0f67f3f53faecb4bbf32491
SHA1f5241c6443e55d47a85ff08696db1c2d1c716db6
SHA256475cdf283c638297604fc65ea9d14d21a408102c78df8e90d70f210991a25269
SHA5128439cea82cb639c7a11287e1da8c905801804e3cac73d9e9c7942da290cdc8443dd8c5b3e25bb7fe009b2c6347ec6b2cfef84b1a9773701114a485221a0fd1d7
-
Filesize
142KB
MD53a906c28a1dcc31a08064e5fdf07671a
SHA1bf8d3f85b0de7061bfed1500b9edf497491f700d
SHA2566c66111c5ae88727d30ac5eab61f8ccffdefdc3c44b0c39387add48fb1205261
SHA512e5b53ed9a830eabe3489065a7c2374bc68764d17385570afd22af41d94274786d19151f87637768608bf64216a8642772fadfba5d3ba7516867f61915d0892b5
-
Filesize
147KB
MD52ffa40a18e79cdc8e4de8109a647f37c
SHA19b663751e7ef29ee8a46e40c565e47f02bd60779
SHA256d40c5f48fe21a5206cfdd42cae37a74cf2d23f1f9e54925e7d33d3acb0df246b
SHA512e816903ac4ea642991caa2126b743f7009b221d99d80f4516a953c8bb9ac208ed58a7c1c99c78ef7685e43eb7ce3362dd416176ddf73ae4c920047822d18f061
-
Filesize
20KB
MD50c4e029571dc182bfb39161f25531f06
SHA177b38d4a247b63881e7b9be324979c203987ae4e
SHA256fa5e2241e03bf7f6357dbff6a4716e4fee8b612fcb241ce68411552ba643cee1
SHA51251501b8f4caadf0975eb5d1b3e193c3215c3b0706f7203d9173c8bbd3149526e9134b8b87ebcb0de6f1ed44e9f735ea3871201ac476f99e463380fbdd39ec7db
-
Filesize
62KB
MD56b04ab52540bdc8a646d6e42255a6c4b
SHA14cdfc59b5b62dafa3b20d23a165716b5218aa646
SHA25633353d2328ea91f6abf5fb5c5f3899853dcc724a993b9086cab92d880da99f4d
SHA5124f3b417c77c65936486388b618a7c047c84fb2e2dd8a470f7fe4ffec1ad6699d02fa9c1bbd551414eef0f2e6747a9ee59ca87198b20f9f4a9a01394ae69fa730
-
Filesize
31KB
MD5c03ff64e7985603de96e7f84ec7dd438
SHA1dfc067c6cb07b81281561fdfe995aca09c18d0e9
SHA2560db8e9f0a185bd5dd2ec4259db0a0e89363afa953069f5238a0537671de6f526
SHA512bb0fd94c5a8944a99f792f336bb8a840f23f6f0f1cb9661b156511a9984f0bb6c96baf05b7c1cf0efb83f43a224ecea52740432e3cfc85e0799428765eefb692
-
Filesize
20KB
MD58c34c7b82f4668c975defa63ea3c9911
SHA101aee6e4857efb1898934c58dfbaab60a9bafb75
SHA2566fddf44c880fa4ab45d21e764fb4371c8820b7b1c49502ece0fb5e1eab95ab3e
SHA5127b8db2103dedf6b36759771c5b0451d6e2feb8ba889a07f1dbb869c229739e4343636ab5fe0bae8ff7ae5798d533caf3e408e34b71be72d0bfdd076da5a6104f
-
Filesize
63KB
MD567e59a06ec50dcd4aebe11bb4a7e99a5
SHA15d073dbe75e1a8b4ff9c3120df0084f373768dae
SHA25614be8f816315d26d4bc7f78088d502eff79dee045f9e6b239493a707758107fe
SHA5126364515e92ed455f837dcc021cc5d7bbab8eac2a61140de17ff6a67dfdbbd8fbdded5ce739d001a0ba555b6693dafdb6af83424d6643ff6efddc46d391b21d95
-
Filesize
20KB
MD587e8230a9ca3f0c5ccfa56f70276e2f2
SHA1eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7
SHA256e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9
SHA51237690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8
-
Filesize
330KB
MD5cd6db4ff06ea373947591ecabf4b729a
SHA104cb4d72f9ccd171a67826710d37ad4bfa51d05d
SHA2564f2202f557c32bbc6279b5b5bf628142f4c5984438eaccbccccae16253753710
SHA5121ab3cf1749ac327ebd7b92081923fed011b2145326ca30ee905e89a01594c9a3041274029426fe1f4976393cde515b2ef0dcc40c54098da492526d927458e882
-
Filesize
25KB
MD542e84ebcf5470237abd1f9e322b751fe
SHA1a828a45804554507d9e8521c36109e8bc3d5eca2
SHA256a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1
SHA51236606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25
-
Filesize
33KB
MD51aca735014a6bb648f468ee476680d5b
SHA16d28e3ae6e42784769199948211e3aa0806fa62c
SHA256e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a
SHA512808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86
-
Filesize
125KB
MD54ec22168658af01bf7fe3eb0ff0ed505
SHA1071b915eeeddfdfdd733fc51fd2da6ea4c884c96
SHA256e342060eb7b6b14cf6a20cfa6eb866172c001f4d30c4113b7b2993e4b7821412
SHA51282e3299c5888cfef5d7d8661dc84c769724ee77984c4ce7665007fd53484f14f4c37913cf82d195aee6fe6bfe5a154c167213d928ceed416c0d6cd338b65bc18
-
Filesize
281B
MD5f59983cfb94e5da2df50ef0adedabfed
SHA1fab25091a4f4b34de12e2979d75f53f73995b62b
SHA256e8592828700f756b894555104c9f03574eb84c1d1c64d4397da6c827f7d3a85f
SHA512369abaaffb9c1f2b44e1e53ca0144004ed8b025efb6706ba855b44103ca5eca7c92cf8342d1c3717b3071372d13acff80743d29367af3f31760cfff978e25430
-
Filesize
309KB
MD503bb8f36003734309451c82f9f7d1841
SHA106bec03fcca01fb310b023293010a282a0975725
SHA2560041256b703c7f7ff35d0f1f67d8c360f39bb8edebb67b091647d28738795f95
SHA5124291012e3f32744d5e857303268bcc06db6188a99d7186727d7e67844e3bd317a7cd04f295881cb9bfe56bb39ae2ebfd5ce7ea94e629573abecec2d7e672b9f9
-
Filesize
158KB
MD5d9d619d4e79cc134a9cb2348ad7d09d9
SHA1584d15fbd206ca45ad7ce7f3cfe0858b88fd0910
SHA256d0e756734c19c5d0bb18771470b99fa4cb05bd21de8914c2321591fe68a32ebb
SHA5121dcf621c438cbd24a12661eb52792cf135cec06127c24fc4240678347e7731d815b9e3af730b52eb6ddb7bb13c6d13c8dfb6155d15e45ccd2e257c2bdbe02636
-
Filesize
261KB
MD5e40ff44c2c70085cfb718d55e89ed588
SHA10a49786325b330f88a4aea5949e26ac7f2882e70
SHA25647ef9559dd9b9c49c6ed825cabac87006134c6dc28b681547bee0de470543da7
SHA512f9d95fc37df7baf72fbfb9b40c8d18e6e14b68141ff361de2bcb7879bac5b62bdb28f01d0d828b443d5b8fec9df0db942a24422a7730f2a817407c32bfb176f4
-
Filesize
325KB
MD53343f9ea3b46403a090dbe53061667d6
SHA15326d239719beedd1992b8b8eca85aa5119300eb
SHA2565ba259e4f6836f6fdb3e1e3935b1225bb1915437900be2cfe446553b44bfad77
SHA512c91aa2a12f169ef76ee2e7d2487a7cc52d2ed59070c17897a720325926e01c757300bcde506ec09fffa9c254bcca0048d77da527a213f6d34bcd0d769c37a9c1
-
Filesize
268B
MD5af0218440836e4f70a96d0c9cfa71367
SHA18e54546c1dbd335d7270bd103b36b512c416d2ac
SHA256f569ac7d47f2fe0a5261a1d68b069a4ff672250668d4ddf448114018b35a2974
SHA5127697ea64db87198d25687c41f43fa1b37b9c73e3826af8ce1f710b385a0583b0795256c248f18f07a8cf8671ecaedcbc243b173e41f03dee9e7b89ab68c165b7
-
Filesize
54KB
MD59650258496d98be8f14bbbc42b88bb75
SHA1de73be2789c5be13f1d7c715c847faea432c124a
SHA256f718b255a06617300e144d416677a76f32a3b3d0fd3c1aa9f2cd8801bf114dce
SHA512f45dafb21ea5d78b4a30c817484afc4dd1ea3855cd34b4ef1797ae4bae6e1e513226eb36213ec1368c02659808a98b8ed537c410f0a7756d02d941fc470673b8
-
Filesize
261B
MD59d770d1763eb23211aa925bc89ed5cd4
SHA1f5bbcd5117ee1a5f4bc1576e25e09807653a9919
SHA2562a4a467ad4ec53d8e0b5b95aa2547aa158cfb7cb1e50fca9782b236dd13974d7
SHA512b0c6b2c76861a15037e739b2ebe8d929e415028e53f8d48be4ff2df9cccc6369756d967f4a095fbda4be16caef6fd54984262b5ae62a24f6692f728827078bd6
-
Filesize
21KB
MD54030e681467eb4c0c9b000a2c91555ef
SHA172e2efea6284348f18162c31d922ae353b59ec78
SHA25616535cbbbbf843162ec7db00db405f453dd95a14034d68013116986278266958
SHA512526cd7db99c1c116881d34ff4cfae60702b0b3bf947a4bf96eb625e1a0cca5f4ba853fdd2b0994ce18c268cfb4381fe69ff9db77cf16e48f00b5832774e698a4
-
Filesize
264B
MD592de896e1dc0102004eb5bb9d676d788
SHA1489e02037158944448ed9a9d874031c32d6d02df
SHA256e6c86ca3615637a5e45882398092569a72e1bbbec91ccb39daba6404ff15571f
SHA512afd5d77d0c319c4860621a2b8ac12286c749f664987728cbeaf9aef5b841f963c1273e7327384d078ceb00efdbde097396c99dc30ebcd16916176c276c4d0598
-
Filesize
516KB
MD5bedde1a560718976bf6c353224ffbbd9
SHA10903c0c8fcb26024457911416c2c8be9bdd91475
SHA256ab2f096a13f61956ab1246b53e8d8bada5fde26d87e7477078f67f8a106c67a3
SHA512d9354e38029f57bbe01adabe7d4dfee2edfb0c6879cbf582fe065d0ba9fa76fd107b388260cfdf47753ccc31fa4ece704cdfe9cbc039e15d21883b94da53a877
-
Filesize
278B
MD545f2016f091b17f5b433be331d1283c0
SHA1f528d45693c7e34b8c2aa96934d67cab2cd8ee28
SHA2563eb66dd3d660e21603f4c5c42c5f94094b788fc6b3b533a72ddaf0923eedb626
SHA5125ffbcc21523e8afcda827a5c320fb54577c19b5d2483b951612c6e01239bd88a8fc1a54ac8455617e2ecef88bb29c8c58215d18f8ecb5bae754665ba67f3be82
-
Filesize
263B
MD5efcbb7f7420623c75f3f5bb3a99cbc1f
SHA11d3f4bf6c210b78210550f181a9aaf0a295ca33c
SHA2567d18fd316c32365e1f3e039b40c3086f89516b953fe95760a7022eb0c47bd2ff
SHA512eb39e3105145d6498ef527eac487925b78f45467e5cbea416c9d2a5900324a39f911bdb80947ae9e85e1f25dac113977c4e9c02629d3773dcd1c5f733e68e91a
-
Filesize
85KB
MD5f700af0fab19767d1828248ab12fda1f
SHA17a5bbd1eb5af63eb52a9cd9df2901cdff933aaf8
SHA256ffcd47a3ed9c57b744d109bb13d7524de7aa95970f84dc36e27b5675de04c36e
SHA51246c0205970d08832a479482dac49c8903ffb7a1619303f8df22fd85f483dfd0667b9a7b43ea200411b0cb7164de56018112891ce4f5218968a4ae31b66410522
-
Filesize
3KB
MD5fbfde266e9e4f8b0b15ef71a886b9b22
SHA175aaa68721178ac8fa2c28ac931e5ed6b1b4a515
SHA2564693f51b3e3eb10bcc05141655a60bbd058c5d2d317460d3ebe8f670ce209bfb
SHA51275ddf3aec2911f52c1dcbed92edbf9472d716af968888e8aa258a6907fdbebb0bbc173145c28f8f1672423ac9439390c11ce80390e94575fc4059882197a56d0
-
Filesize
239KB
MD5471633d008f8c93312fc521a46df1c6f
SHA107c3a4b6002c10197b3e2905bf9a0d37bee4800a
SHA256c4231d80304b216b8b8f1d39ce639a0161abc8c927c5e91deba85ae8983abe0c
SHA5122e3aed909f9f6dea9d23a259b0672a7b29c070864d5bd76f122353a92a675bb0df2b5c2af5b28b63fd07fd524b99bf1e2be7c4c56fda050ff44c81b2fade0be1
-
Filesize
14KB
MD5fce7977e5a1b29c019fc4b19683597f6
SHA1bd2bca806fa83c015b6747605c5d319cd92478e6
SHA256c1b91ca1ad99c325358ba4e34ba73bd967e642b7bc54c5c05c5827ecaf4ab342
SHA5128430bdceb4293b04d092bec16ab6fdf321398d31a20c25eed0ac7ad6ecef82bc962ffca0b6b80cea18ffdac4f891d46d1d7d8ee3893fc9dd79af5cf7176fef54
-
Filesize
54KB
MD5ef30c6208803720e3543dfd4c1f7dde2
SHA12c257ade37e5113b20078603023fe12a911056b5
SHA256c2d8a9cd7fa32d2840b723a01a378022e14e3bafb6e643509cb1bf0a2f0cd19e
SHA51211562df26e3addfce0fe5518898d588fd08eff28ff214dbe0be945e24c2698c57b1884362ff28743e796f56d16178f1e1d60974ac1b8023e2fe1e004bfb192cb
-
Filesize
253B
MD5c516a9e7cebfd9c220d2b1ed6819263a
SHA1810215b50171c1b3d393bebca93a404aaff77ef5
SHA25686f9d631fbdabb825dfbfc612c7c77bba274a4aa9d97f56fffeb980b67f39817
SHA51205e8dbd774a023c9f85920c4809e0044942660b9c59efb5b3b53c6ef357e695bf5725fd62fec2fb34191b0fcb390035a31dd9727de594ee27da33419a549b837
-
Filesize
379B
MD521f70bee8761d68f68800fe97596837d
SHA14f0cab7a815c354dd6da92c258a2f09b39ec913a
SHA2567066a6fdae68d3676301ae5967f25c0295644624880f0c45d087b3dab216a89a
SHA5120851bf7910136bc751ff3b4eb6f58327d3ee68121b366e50d3270390b6ca6e7d98e4b5aa66b87d5ec67f0697f873ee65dddb646ad8742556b87b7610961855e1
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5579ddba940da39c1ca52686f5a9e327d
SHA137cadb4f71eddeb5d0f61a04d80d6921315f390f
SHA25671793561341d6dd9894dd7b42002c2072b58dbaf0c904c5a3ba641c117de26b2
SHA512f23d6faabe9182589dea2d3337b036efd523a9f77eda76aad04151a61393c7ab59c66ef4d8cc97ea579328edcb8a187fc54488d7deadfaa32e3ca42111086b82
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5d047bac3be0283a423dc4e0aeb800751
SHA17e992ce8058f71b814fcf34fcb47e7d4904915e4
SHA2567a76221c63eb15b2ca1cdaaa41454b23970d86deb382ba7515a460f4e884229e
SHA512f0dae71a66a5f7e29c8c1091ca59be84eb7077d89a123249b38903bcc8ca476be308b435f0392076b7d7c2c2a9f0a1a57385dccbf801ca353d6fbf291a56f9a0
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5044da98d1a024dff05e7628b7394fb33
SHA1b38938654fa61f67b23b2de9fe10dd2bc5232799
SHA256a183b699a0322084e34cab07d9fdebdcc3ce3e777a63d7b40d18039a81549670
SHA51249460a5d1193e6d0c121e6c8786b146de22c8b5eb77cce12bc812c5755fb04376843a066a714af1d9ba85af847562f3b6cceb41e269767425734c5db2a132402
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5d1b5efcefb1f5d3c1de7765d1808da1e
SHA1b56bb5232ac3617ff969efc074ce1ee88b5841da
SHA2566e2571df4aa5826bffadc9f481101ee4b94d53ecbaf26d4976ec11951e7fa712
SHA512bb2fd363f7a1bfa9075b0a5813f66fdde9b4a75c4b0ce10069070be8f99c3bf539e2ea011485b8c5aeae8c6cfb87df6990dd43dd1185aa76b8f4a4eb3498beea
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD59882784c3e5efc74291432ef82d11b26
SHA14bd0780a1ed1da9000418da7e7d9851057670041
SHA256c96b5d7090de826a8fd0d5d7dc65ca4d496385e33c925699f6b4b8ad8624a271
SHA512c4bc9f5197ec011c1299ad221ef954ae61481956a33a3bf313aad459cbb216807c47fe0bc255a58caba042d0e9da626e1028df723d550717197c84a0093ac51d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize4KB
MD5b35fcdf144862eb9d56c817c13af39f3
SHA16c3e4289598dc7005afe433a6c8db3ef667cd9b3
SHA256ecd4a473fd5bc0872d8569c7b58a80b8c553bada900895ead506c8322f6fcdfb
SHA512abb6e15e31f4abac01f114a529b4e8f270008a00caf061e48896e5e7b9f3a3deaa392f6c49c3ea5a8b49c9479d4a8e855db8c8e0b094862ef38ee9499b7b452d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5b101dfabf9a838f1daaee19ecc5a4bc6
SHA11204415ec2b12cbb2481147463f651d87c4deaa3
SHA256d5632fb2bd929282b66550dcb2199b0359a8c6dee08ee6ac98abf3ca9edbd4be
SHA5129ba66206bd4546344c2bce915c5dd788938023c51c697c3b376eba47b882078c93d2300b57424fa58714d8a315462db9e44b91590bcbb511b03129acdf418cec
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize3KB
MD5a083900cb05e08d1a805d876beb8e828
SHA1a7adbfb5b3d73828200e5a66fb6bc9dfb9c2921a
SHA25608f750aca663c13a52963afc4895242c884f1504563b8a1310ed0248e4e2d048
SHA512238353d3a042eb4d85285f56dcac049779c90a7f68a02bc4285a84dd4eeb0b0e4e081a1cf0d23428d28910a0db007cc355717add6af37b857ccc1b4dd044aab6
-
Filesize
11KB
MD52b180cfc838900a676df0ae142110713
SHA1a4847bb189e59eb05ff2ce39acbf816124dbb11e
SHA256c0f0defd66c85a092280afc4a9f0d0a9d7a65e3969783651be9d16dcdf3e783f
SHA5121e5f1342be134387363aedfb536ce49c2dab0cce5f51f79028fc6f019cef22e3878684102dc7db1a2bcb6fbdb5b3f83ff4219c4bfeac5d0dc0564df2ac810940
-
Filesize
10KB
MD50aceb147c09d1d647e0df8e5342b57a5
SHA19bc7cc144f4533ecdb3a4b8da6c8fdf132f6dd08
SHA2564bac41f3411cfbfb12b6ec5a0ebbbd55c337a123f73e899152809f7d94e9337b
SHA512f3c4d616565b4a74b83d128fb5d245879678fa06dff4864fa04430ef7b08ea07d7cf18859b6db7c018c0bbfbb3a97be9838f4bea1fe634128bb32985dcf0e72c
-
Filesize
14KB
MD582fb78d1f40926304e796006be5cdae8
SHA1c9b13aef46f7edbb3a176832e0912ee71dfd36d4
SHA2561017a6c66f903f7c313f2fd25749297537bdbb6fc297490abce353c93d6559e0
SHA512b244ef197b9d8c3b1d36c598ad076a8416cb7d86405d393b4b52ebf1b62db50a2a15e8c38385617122393d183f7e1c20704fa756fad367cc83304dd889680987
-
Filesize
14KB
MD5745ef7460edb8403b73f160a1aea5ad6
SHA1c711431cab85acfb75937011ebd96a9e3d7c6694
SHA2564a4b01746b1b27d341d95bdd8dd6860769717a98b28acaf1a6e3a0b3501d36dd
SHA5129bc25d28f85d07341dfb0297781e632b5817fcd9cdbf277886338d4e7759f5540e12bf4d5458a9da41b5955fdb9e4f1d3bc1ff804c4c7409752522150c5ea0b3
-
Filesize
12KB
MD5f2ec2e86f09332c6dddff83eeeb4dd29
SHA1710e6761c5935abbe9275a2f81d84d282c2656c6
SHA256bd67aca369cb61d9278df8cbcaae3112044b620a918b9059e6fb7c5fb0e1c739
SHA5128eff5d61eaf16e049d096cf34e44a635493a3bfafea30158fce92030c294539754040debf9f23f56871e2401f39a3a278b0457fde3a5526946f68d0834871ba1
-
Filesize
13KB
MD50c66cc8f75595e64c3f202ae111fa4e1
SHA104b0a424b8e078cbf993fdf3a4bced394d70c1ee
SHA2563e915933c108d2c4b33c3bc385d85247cbd8991c793e5620b77d63c106dc99e6
SHA512ea00ce441800174215023b7584700e0f6bc0d4aa7831994e3e0466d4b592c117611284be76310bc4b8d08fa141124d3c5a71751a851baa9e9e3605782cd0e011
-
Filesize
6KB
MD574c1838ace9ddadadee1ee093d014ffe
SHA1f6548984511270a3f2948139557e37dcb7df132a
SHA2569753104c311eb5b7d9430bb860155856b03180184cffce9e32971ec1fd3262aa
SHA5122e5b807923e8df96ab73597d149a4cf0c1567af7f48a0db03f72ec1f849017b94ddc0bed060dd2311216aa67fe193052b35e75ea618b34f53caeb516e73ef8ae
-
Filesize
14KB
MD51ea24d56e981eaaa492e8860a1083b62
SHA14388b6b215a8499cdf41e362675aefd4a3f89b76
SHA256adb6132b7375941b7aff2590be382d73a62ae7f2ea02d8ff4f737dc6bd5b9763
SHA512a215ea9a8fd7b66c9e5e6979668d351c2f31f08edf60485ed5fe8c31665f53ec4e1c746d096e53e5e0510803b79d0fd0a67a5bf6af606155e48a16bcbd1e42ca
-
Filesize
16KB
MD5353cbfa2b87af26f6ae0b558ba466a78
SHA10ef76e2b3d1eb1745234aaa5b31dac8be26ba9b7
SHA2567f5c167bf5afd65092be809499f5d870649aead38efd323f466b9d9711555846
SHA51285bc6320165d81a20dc4de7e556b42dc3f167e96f182fe23109d78c33c87c092670029ed8d43549e0665a2a56a2d9584162c75f82172777a5dff67a39a652d29
-
Filesize
16KB
MD59332ff06e85032455014b96dfd81cb89
SHA198c949a83bf3e640218d0eeaf47fcaf124f66b50
SHA25657764c93f680cde5868a34262700f4b45015f5f05e1a9c84c90521725af4d53a
SHA51262a38ea52789c6f0b481294d1825a239104c8ac2ab9f1c496869160cf738639df6d6a16781b5548d95ef8b34718ef25f58eb597c81d3d0d646ecc438fcf39a2c
-
Filesize
9KB
MD5aa5ee857197b30720f7a0765d3b4e819
SHA19efe994805315fa8db798bba5ea667e281c353fd
SHA256436cfb0b4e42bd6812bb1bec170f48574bfb87aa9e95695a1d24fec51b75d6b5
SHA512ef4f7d93b0fa9df813f1e331394e0e6fce6bf7befe403debeabc0a715c10279ac6f9d445c2bb334eada332456681f0dd9f54ac69dd7427e0e7bc7c0c590390fb
-
Filesize
8KB
MD52e11ffa649f9fe70bb81a000493dab30
SHA1f6d0db620cb728dad3a0bd9a500d82af36bf2ce0
SHA25690f47836eaabf9a8af53af9ba5722a70ce49b54338e89d37b1c05a4183754c6a
SHA512845de21ec4eaf70a5b4ffeaff482d4682f073613b4bfc06e1580b91fa46d66d51472b034c3726bf08b508ae2269bb658bb3b1762b349e1b272ad4212e6168f6d
-
Filesize
14KB
MD5a2467f6f0520465591350523cb47e569
SHA1d070873e487cdb2fab67297e6aa865562725d9d9
SHA2560d4d19add2f9dac790ffe35bbae99d79634466b08482381b4b2981a863b56af7
SHA5122f9589edf3217f4d93f72c693a2ee26fde17fcb89efac761f537d7cf4a674ff3c90c89bd73e18ab6ab41dc1ad911e2612123a5e8e65b7e44c943b3715a2cb2cd
-
Filesize
13KB
MD55b9ce51f9b8cf4c83a51307bc87daeda
SHA1128f843ffce23305bac6df2fa76db4ede9885420
SHA2563bc99338b0800deb617398052b505b4443072922de65468ff7ed0913b6f67526
SHA51286d6ec48c619dc2fe9ad2e96c8cdf813b8ee8b2dcf9412f0d17bab024454282d4399771400b97d8597ba11a7363afc923566a49648c14c3a8cbcdc1395be77d8
-
Filesize
16KB
MD5b1562bc6a3a52bff8e02b867ebea32fa
SHA109512e6af99a201484cb482d71c84ea7dca7fbaf
SHA2567551b98b336b8e1cf0a33d6be9daf2d789ad0be928ccbafd1a07f42deaddfe2b
SHA512b203e6397e8f6598dca89b58f0e961bbec9b51d6bade024cb39f64f82443d5b6eca3cfa0e6dbe5e2d466a43eb62b588e85f55e5cdd9596e5b20d178043b9b0d1
-
Filesize
3KB
MD5cdb8c84198b5a57b03cbc61416fe55ed
SHA1b8a680d84d736f7e3ee0ff592dd6555535833660
SHA256ac9f0788f3b88cd0fa9be93ca179f25dff3780559f866ccd329c2ecae7a0768c
SHA51267c9102be90b362f40a6082bb4244d945f00cb60733148c87caf4a911a2a0c8281f2dd4a43174b9d6bb8555997df3bfa21c1b8ea6a862e4371e8b2b2f127a501
-
Filesize
4KB
MD5b9a242a90ababbc0b3039eb85ce98028
SHA11dce6e2356abdb4a8849dd76cf8782789515b5fe
SHA256039688089cbe21934ea73ff93197741fea036123a2bbc85f15c0301583ba7efa
SHA512052c74f16c6b7d99ac8e8457701d8e5d40ed51fcf3b4d48a1c9e2a6f48712a7812be4fb3effa6363029904e41f2f82d35107f9431e24f5384927ea0af4978a75
-
Filesize
4KB
MD594f03ac8004fa81fb7c4b94795db055d
SHA1b928affce6a508fb4eb83ef94b46a27f995381ce
SHA2561a1dfe8f613e6d16cc6acc0e7bc494c694141032f4b2be5fae807b3dd6d1dd99
SHA512719bb67cfb36cfc392351c4074cbe48dc4592fdaf8243d5141b99623328927574b0d1d948741677e7a2ee3258664f6d9dc916b0c3a722a40862e032659a202a1
-
Filesize
4KB
MD5963a6d753b40741f323866cba5808c8c
SHA198d2ce3ea0c6efb42f9e07b19f58ede898efad3e
SHA2561cb683ffd954918da1a5d3cef06d4c664906a2404a31f067360451dc45f28d35
SHA51279ff22d0b37c63d3c2af066fcf61d39f97ae8d59f526ffb1cf1abd36ecc0c294275de831cb087a4e7f1a9572498f859f9f3de2da7a8860e2d082f64b8827de71
-
Filesize
5KB
MD5678abd3c2e11be862f9a4b92379c13d3
SHA1143863019c8f2fa773cb6237625bff4d22f795d5
SHA256e74207f1ad7cf6b7bec3752f0f0132b3ec9161e31d8f2dd1dce6bb28f9287924
SHA5124940624be4056ec23c1819eb82434ae25d9ea841065ff7927e1e6c45722896358ad5dae71ed56c6c80483ad657331f8f8180c615608628d19103a326dbb1dafe
-
Filesize
3KB
MD54650dd4fe60f57fb19ae0f21032e040f
SHA1f69d4acde82500905db4615324c86aaa50d52a8e
SHA25656630d834b557cbd96d3887b6eed12af8172edcb2ad9cd5940e31db1ba8852b1
SHA512d6fce16a3bb68492a82be3dbc257471216e3caaba87d055ab6966d5c7635e85f9c04cd5b21eaeb26daf95780cc44f58299c96f3defa8367339fe567fdf0549ea
-
Filesize
5KB
MD50f984eb79878bd84a37ba1fdd0474261
SHA13a2e51e5c6849b6225051dab613e87c3d8d2a78e
SHA256ea73ca46e29e0d487b4e9c7704ea642a4f23515b4843e35f210adfad8c0430bd
SHA512325d78d239f824fc383aff6b90bd417b82cd59cb283aa6521621f7b5678dd2f457e0e55fe81d1ceb3fb267d34868f18a5543d1d41312f86d8147280f485e2c0f
-
Filesize
5KB
MD5f4ab7b0b4abbfa69b7d825aa2c843623
SHA14ec37b77459f53fef6338f1a5f93747bf019c023
SHA256bc02df57d3a13f6f3ea5e977bdbc05c92258657de6976a724d4b73b54b0c4c3a
SHA512bedfc0af4949a560fb788d20ed6ba6900c419010b80209815f890c2b0ec02e0d32582ec11af181df5a41dfbadd586dd050078e25f81f5fcb0a18d422b93eab2d
-
Filesize
3KB
MD54482ceb980a36582dbfd5cc6bfd2d166
SHA1727bf2fc6754959cac6db90fc2362fa70aac55f6
SHA256f3345275ba01c65076e9bafbd8a26999977e4014f68405a7b8fb59e73da3a1e5
SHA512faf2aebefc0bd781cd243fdcd3fec8073408cecd4079a2c86aed04b8f49c315c3436c9622a66956cc327a215bec1cbf32e6bb2b39de8c0c525f657f03df336a6
-
Filesize
1KB
MD5d364b3f3a55b6ef48e4c33226250130d
SHA10d5eabfd50c8e5e69f24e5d04540df551f85caf3
SHA2565a667083665655884165444ba624bcd02bd5ae365741f725bb889a7fd4ba3cfa
SHA51242cb8feddb25fc007d5dcdc0143c3d87bac3a1fe672d8200b101d253129b315595f0beb29106fee04248a80ec5581efadedd61b323968ed227b2f367bffac93b
-
Filesize
1KB
MD539060919ca6231c87032ae12d6f6e48b
SHA15205592211a45631ec564e43e89d0db2ef90e224
SHA256766c002afd08eb3aa82d6e9032c1fc479932af91a1674fd79edd78191cd4da0c
SHA512f69c97f6e2c0497cf9401bf8e41788447fd6df6df085d9b527717154abe4b1efd4fd64b5044cc006ac6fe80e70d3e2515b1bef35e9f675a46ea5b06e0cba3c00
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
11KB
MD50ef30f50bd9ff47e311cf5b1befa2d1e
SHA1de674ff18c4041f914faeec7ff2e7f06ff8c3b77
SHA256fcb82cce85901c071fa9ef0f1a0e4a95c8a15ce3c0205644b7861785394d0b7c
SHA5126372202e3aa73e5828ec74dd312a5e66f0e9a24bf35554205a9daee5c0d84a54a7ba75652174e0c05e54f2aa18d277349cb405b9f97e7d862232a685ddf55322
-
Filesize
12KB
MD502576fc702ff1a18aeb646a37dce9cce
SHA14fcf65e07113fd3f35f6c5b91c0ac8d7a3540e08
SHA256568b39f7a4b8a6d8fd968fc51de67d36d4794b35e724e7375560ca20852a0c16
SHA512ab5c50eb7cadf7d13b0bac9cb5bc27b8100d7a077223d2ac4b205ca5ec41e895c59ac11707a539ef72c10b9045df5519a891b03e0f62d462b1d21bffcc255860
-
Filesize
12KB
MD59e2af4642997deef7d46ad25140cb41b
SHA153dd1725b96d8c69914c147dae70803f6a8cce6f
SHA25608da0fe3e743e02d34c594e67f7dbeffd8c50b5d7b5a4d8f0814965822981b76
SHA512868ce2efc4221fd9001d020ee8c104bc320f23d8e626dc6830fe75b646613ec88328c3f89c7a7da733311775748d95060277ead5de6b2320b21a88a9c429a065
-
Filesize
12KB
MD5c7138fffc5b403c298523ac707cd435b
SHA139dc32dd48f69c57c898af3dc1ec3e5dea4155b1
SHA256ed06f9d0a54a5f7b9b459e6c421522e1b0ba14c26dc374880e0ef1f9ddf844c4
SHA5121975fd9e793dcede9a57bedf5fb0bf6ebb440fd480499e1f8a0ff1828aefccbe94bc480e8d024aa82f0d39bdb5686e859db0ca4b5bd6d06251723077302609e0
-
Filesize
8KB
MD50962291d6d367570bee5454721c17e11
SHA159d10a893ef321a706a9255176761366115bedcb
SHA256ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7
SHA512f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed
-
Filesize
8KB
MD541876349cb12d6db992f1309f22df3f0
SHA15cf26b3420fc0302cd0a71e8d029739b8765be27
SHA256e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c
SHA512e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e
-
Filesize
236KB
MD58eeda41cf4bb6900216e9a91e69bf857
SHA1858fd2e9f90a1a55c4a7b6de5c1eeabc851749c1
SHA25600cc54663583ee631fa4063b2af65b89b3451c70435d8eaf9f8332b5cde916e7
SHA512eb08d29c0f317fe0b3214bbe56cdc3b6f9c0c6a4289fb6c459f6915c2e227b507e32b8763ffd28bdba829de7cace4c3816346b30550410e9d09a2b637d921748
-
Filesize
2KB
MD5e90b6611af64eef2ad8fd0258425eaaa
SHA1450137c5c1b84341b4199283cd44fde86c9a7415
SHA256f748ac9c87346cc3d5679f751031d0cae9d0ebc615b5256e73032b0c11be670b
SHA51274cc60d1f4e9185d0b31fbe6ea178e8f7006954f997cc3aefb34a3be34fbcaa032a95624ebfb57467362b9f8b93a0bb2729643a210afc4f8b96b976869b97f15
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\Opera GX Browser.lnk
Filesize1KB
MD5ffe5ef7190a192e004a7c85047bc9d9e
SHA177963a4f2badbaa21abab4b17d2c1c957c83ef2b
SHA256b91cf182833c1263822b9b997afdae55a9f443628e871a4f6d97a098340b82e6
SHA512c097b4cb58057da85f90c37077f6c7fa64885acd9aae559feb9d7fc44644db8b6ea88c13f6ef23acb703adf15c3e328dc21a2f9d36a2bb9ef5942ae1bfb4fd26
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\additional_file0.tmp
Filesize1.4MB
MD5e9a2209b61f4be34f25069a6e54affea
SHA16368b0a81608c701b06b97aeff194ce88fd0e3c0
SHA256e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f
SHA51259e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\assistant\assistant_installer.exe
Filesize1.8MB
MD54c8fbed0044da34ad25f781c3d117a66
SHA18dd93340e3d09de993c3bc12db82680a8e69d653
SHA256afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a
SHA512a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json
Filesize949B
MD58286e93fa5dcb7a5bf4d750094ef171c
SHA16c1d1d1272b28d951ab33a02b8fb952a409e8cd2
SHA25692caa87d979f10cc19c9beb17b75aa16808e009430fb48325b6be15c486dd492
SHA512c18ac75eb6f03ea50b1d1ad232fce0ecaef52db48328799f50527aafbad2bf4b551ddef8419254f94ef6228f529b43c3d7a1b2624513c39bcbaf9db8de63c5c3
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json
Filesize1KB
MD5876077e9e9f0cd5a5bd2c518c8ba67d5
SHA1f73eca9b6d757e886a9025bb5acacb6487df71e3
SHA2563d08ae60f42e61936bf04c8b7a7cdcd20944a5a1c92c2de044eb223013e7ec9a
SHA512c10f010b3b80da2602af6da4a643531f18feff898621f9fdb06fe862641891e905fb486b0fd923343046195b486b6a0f2e5d248f5c0b21e1c675c4fb271fa7d8
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202408110852521\installer_prefs_include.json.backup
Filesize934B
MD5b19551f4621b5f612838ba1b4b3a53c6
SHA1352a0ef3f8b1ce2492687718a8a3627ab1a4fa66
SHA2569c90835848f15cfd17c4362df303045b2ddd46e5a2f17f6c6e86b9fab9118a1f
SHA51295b6a88dbf1d31c6b9c72482ab7f5964759d0d1a0bb42eccba96c3dbfeddb8be308a5386735da9ab0ffbb3585d09830de4bac121127e98d43fa0c195c763edfa
-
Filesize
7.0MB
MD50b826bc00b8a2fc0e04fb119ee27d4ee
SHA14751ac0eb54286ffe88dcd892c576a776232111b
SHA256bffd6dc54ad11e06a292432baf3fad696026f4850c6437f39556eeb961e282b3
SHA51279f20d219dce6442f5947bd9dac999f01f3bbea50d7e5fce7a030830d162d8d21ad2238515f18e49803f79aa0a3de3cb1e1d76764ea84e2f1cc54f543fdf00ea
-
Filesize
259KB
MD5c539f540c37a41119546652e2450f424
SHA1ffd13a56617ac4329253cebc6bcf2a7fb0a317ad
SHA256b73dd3378b33386ea5a950960dbbda2ed595282ac2879502051b189bf3b2ce64
SHA5129a01673c0d1b60c1ce34c632273e7e9be4543c37fe8e780c882b4b28103f49c1f7a539bc829e03ae3ba3e5f5061463a09cdeb4745789189a6a03ac379c9f5db6
-
Filesize
6.4MB
MD5607fb47ad9d20bb16f90e4a38c93bbfe
SHA1578ea8b4bd0bbd32114bfd61910118c3d9cfc355
SHA2568a82ae5c857123cc6972b93828f3a6202c0db4d325ea6d5b1e36dcfb290c1e09
SHA51223470d0aa5989132efa1fcd4b1d183374384e3b75249910c08e22d2fedf315f084028b7299d6f6c0a5230b2ec78179485d0f187d0a87f710d25f1eac81939e47
-
Filesize
5.9MB
MD51e6485e90130bb0cffd2ae2ca7fef2a2
SHA1b9c01fddb3921b6f56d8d774eb0364f7024428e8
SHA256907cb59383443ce62fdcd2eb90e4bf32cf3a0de6078e708f694dfc7bd7166b5b
SHA512e28ec73e1465591827f092b71ab740a8de0b7ffcf5af0b3e4c1c8be37f16f1a87ae4fdfe23c25a305741a5aaf30fd2aab77f55061eb729f0dc5e64aef3dd6527
-
Filesize
7.0MB
MD5f09a4393c71ef161b22d9448f84fddf1
SHA147b6e230391fb4e5008b8706250de6fef0ba684b
SHA256c7d012ed5707bc25780181bc7ef45f5ae2558b98e8ade7ab6d20439bf11130be
SHA51262df63ec1a03a329eb97d702e25f09449e2123919c0d1deb1beca84f7fa4ad2a52be5da175c195b3b0a91aa3a71c82dcda92335804c5b713dcb64208a6561e72
-
Filesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
Filesize
2.4MB
MD5311204ab754a99aae4e243396b09a93f
SHA18e55068119399daab8c29aea87a3782634f50b84
SHA25672cb7ac4a28c9a3cc8dab21d7a32443535c6e5904a7db2653402c74cfe160704
SHA5128159e2b97311a6b3ed1f9e6b02242a03895a15476570caa6a05afa0d75c7150d6959115473fbbe5c92c0b2c4332fc52fb3a2e89109ef7e55f3a15396d8e72354
-
Filesize
20KB
MD5f76d2267eff21214b736a070247e430b
SHA1ec200af8d4daf069212270137a05f90e63cf5354
SHA25619787423b08de5f0c07d10fe218c28e5f04a95379383ae61913b81c5cac532e0
SHA5120ec8606b67a924c507cb8b0bab1700794d02ffd28091f836e1934f828ed21c523147f21b154eb0d4296e93358af47a9be38c570147beccbcc049e742eca360c2
-
Filesize
6.1MB
MD55eda2cefcb4bda954d5c43ef152f1956
SHA11302de9ea21b880e9253e1c3a80f557f73b208d5
SHA2562734105ab1452f7096aa735ac9629a6feb4cb1bbc8cb167e9cdad8b44d700962
SHA512ac3179ea5b66116edf1bcbe3ad481ccab93fdcbb32219c17a392ca492b7ef5c9ebe5b2b9a0748545355c587624a40c92f6f2136d8aeabf987a3c00e8d92d504c
-
Filesize
2B
MD599914b932bd37a50b983c5e7c90ae93b
SHA1bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f
SHA25644136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
SHA51227c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd
-
Filesize
2B
MD5f3b25701fe362ec84616a93a45ce9998
SHA1d62636d8caec13f04e28442a0a6fa1afeb024bbb
SHA256b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209
SHA51298c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\69bb88b5-27fc-44af-a9fa-320e3757e3d7.tmp
Filesize956KB
MD5a487f1c197a5fea1526a9e6e465deb52
SHA11ef571e4f8b127a44a115f8810e0c6b2b9995ce0
SHA25644e2d6ea4ac6ace483b65df798b0d3920725520ac26bda23371209733844f23b
SHA512751ece500d085f4dc40bd8bd120220d29b805ef313601c9726da0963f9451e61c15748bd1776ad1d2d19eac6731993b7dc1e01ce79799eeb1f8965312ee7ad5e
-
Filesize
40B
MD5d33f44e57e4155425ddfb93e813cac80
SHA1fb0cde538b7838f44132c7dd4756c4aee07899c9
SHA2567e2c318e4f4162979979299153765040095b3d4950573490fbfdaeb47557ccb4
SHA512f107a1275068a4da775a8263fb9ccb75bd487211cdbf76cd415d767a7930b8a7a6a718ba11a5feae4aec61342be516e61a25abeb3c3ac303ee580c38ced55a8b
-
Filesize
40B
MD56f02b47c8976d0cbe8b395462c523b92
SHA189a59d7a80408bf9f2834d03f62acdc995a75b96
SHA256d214e14c83420af5b3771297159e844f936e7d134f342b467b5106ea8099294d
SHA512232bded347425a4779926cd4a57244605ab293481a3206918d2620539fb6157b5ecc89783b311369f911bcc2a59c0340bf22f82171a6e8486b2829de7b1ec567
-
Filesize
41B
MD55af87dfd673ba2115e2fcf5cfdb727ab
SHA1d5b5bbf396dc291274584ef71f444f420b6056f1
SHA256f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4
SHA512de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\.DS_Store
Filesize8KB
MD552dcd2b3948dc746f256f6360738f719
SHA15c3741c1503db16e021f7d09fa241638c2685c8d
SHA2568fb5f0908e60f162a002c8d37bb9ef3c95252d6fee1c021f2475c5a9f4b154fe
SHA5127b0e4e00a6afd110b982fab6f8babc9c74e07b5dd16df67c9ded015e3eddcdacdb8c6f702cede41402b5ed570a35537eb1b1e61754660271df052c67e2942f21
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\icon_512.png
Filesize373KB
MD5f53348fe0b4965df964a0749820b53a9
SHA1b875035aa82351732aafe9fa629af517988d5bd1
SHA256733bac8b25454f5c61ae365187e83e27bcdf86ca98478a5b08d51258969eed6f
SHA512b1dc54f5e2c5c147608f88ae727154d5a87213ba1e8dac3579d69a32b615f4d64bcfceda90955e53ad88dbcece19939f94eb60234e7c89f53c775358235f381a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\manifest.json
Filesize1KB
MD5b0aadea1a48c58f1430a1a8a70571c38
SHA11c0cc23e61cb7b03248dfbfc641887a7fd8ca746
SHA2568b8f663afbb6547d8447c3718a87093142689ba24c5e48527b716dd131d1a118
SHA512d286fbdd138be9534e848a11955f4c1b780d8a867124968b3b345e599ccdd40bedf17b82a7d16ed748a0afa48d6589b567d689ed0b6549b5a05b3097fe2fd45a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\.DS_Store
Filesize6KB
MD5194577a7e20bdcc7afbb718f502c134c
SHA1df2fbeb1400acda0909a32c1cf6bf492f1121e07
SHA256d65165279105ca6773180500688df4bdc69a2c7b771752f0a46ef120b7fd8ec3
SHA51258941214a8334331e52114aab851fc3d8d5da5dd14983f933da8735c24b0ddcac134e8f13692553199c4d9a14a4b3188b62878a30b9d696edda1204666b60837
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\dark.png
Filesize4.7MB
MD535a4b0fb405d05e219e424a6935835eb
SHA17e5ef741b3f32518d0c12af814447d3208767ebe
SHA2562d23f21958f5682239133d69d4b17254e4fd2eb01e72e33c4dadc2c82017dd5c
SHA512e338c5690670633b4033cd7a4aa28ad31ce9a3b5073e8556f701fe3a1a50e0e6c4e8417f8efa9eb534b5f13b003894d0a699e03131ce300a73917ba8527d33e8
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\Temp\scoped_dir5480_1615833183\CRX_INSTALL\wallpaper\light.png
Filesize5.3MB
MD522e71fdbcee349d82c86bd3298f5d765
SHA104977a873ecb7fdc533888b374aec5abf987fa2a
SHA256d1ea91df3e9af621a5bb1fd0c328a05854ff38c4edba02466cfa0adc4525ae9b
SHA512d26c34d5484a4572c96db0f40969db208ce74e87181489540821dfb4bf97a933edc5cfaf3271dd77d53b1b23030a9e44560093c6585cbe6f9bdf27f7a6e3cf4c
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\_locales\en\messages.json
Filesize2KB
MD5f7b9c08913fbb4ee164db4de91a1cfa8
SHA1ee748920b53e30beab4925c3d4aa30bd7f667904
SHA25657e2b257a65fa5e980c619214ed9ae25580bbd581143e28abac49928b31977a6
SHA512d39802a782fa37146bf509131d98d8e2ff121bffe7d5b37e6300b60c0acd6dfd80d2154825753395ca231493162b5668f2c752d125e4fc810cbb3d5d77331260
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch16.png
Filesize351B
MD5efb9279c8cf981a1f4103ca61b19f81d
SHA1c58d2e5d74ded2302e1ce18676a1b3ee4361fc95
SHA256ac127685624619ef02717d88d40b5b86efe24523df4e026dc3ccd7b3825aee9b
SHA51245daa4262fd628e3de6b5fd577fbde371c48c321dee86f3142a32523bbc6aef0b57bb4f1142f28c5cddc6eba478d1aee0456f49927b161fef30176c4305f1dd3
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\aelmefcddnelhophneodelaokjogeemi\0.21.0_0\icons\twitch48.png
Filesize929B
MD5619819acdf286356609090f04ba06733
SHA12bc994f917e1120c1f93d62a37a8db3e665c1c81
SHA256d919fba6bb74d094ff1f7b31f43dd030144eb28fe160cb4c401485c859bd4ddc
SHA512a8386b6bd9692685426ce3a4fc28abd66bb5097d2839f45d40aa080c86c0924f92d0f6a7dff9d76d8243b7eeb09352ce57a27992e1da400b590aecd46012bb68
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\gojhcdgcpbpfigcaejpfhfegekdgiblk\1.19_0\web3\dispatcher.js
Filesize1KB
MD5f76046e8dadc97089fa540da755ae94a
SHA1a9448799f6b026bd25afcba7586d3c420ed35f1c
SHA2565d638458da2dc514d521f481f90d932294fc8ca0e18d9f83c9b96dac2d360580
SHA512a25546623c035ac5a616fe1f3dca4edf76e604fd1118980656f263c92d90357e58a861a7a0e7033be725104044c3c311dd5c816c5acd26f5e4d627928d4970d1
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\icons\512\icon_512_black.png
Filesize3KB
MD5e35fb9f31bd2f22070e4ec9b65717b50
SHA1355c42ee8bf8e04d818fe8133fe448b212fa8763
SHA256ef072f9c80ccd41e46ab1a354306eca6c0861c3a214791a17efd47fa9b90df86
SHA512e9694a0e8cbf3eee14117651111c97141a89922d26e4f32379051ff7a17d9d238d7074516a637201bd965a6ec449e76b5c9b6d455d74ed401e17adb53ff6784c
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\webpage_content_reporter.js
Filesize174KB
MD53a07d6580cac116f79d90a009a6cc584
SHA16835e601ad5454e940a1d8e01e29f00e07542c8a
SHA2566bf79a3f7d54e091f5078203b0d575f3bc75d4ceaea234352c9e45ccae3bbf21
SHA512a3482c437edfb99db4bd59e8c1fb330e192db4999eefe567d7e3dc652283432f1fc9e23a32e7008aa5ded35117e272f28f8c1795612fcb2122f0978a694aadaa
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\igpdmclhhlcpoindmhkhillbfhdgoegm\4.6.0.4_0\writing_mode_assistant.js
Filesize78KB
MD5782e7a2227c85eb3001aadbcec4bfa43
SHA1389135ed945b47fbada0a3abc068c8f5c88ece04
SHA256a3648bf6bb23f94ebb533a9e04e23931a88ba513c671900720a73020cfb4443d
SHA512fbfc069b71b44d312aacf9872e01ec251951870a8a3a11a15a0820c297d3b2398ecbd8771a96de4612d54a101f42b18399cb2eb4dbd6d742cad455ba278f6384
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj\3.4.31_0\icons\32\Icon_Light_Neutral.png
Filesize976B
MD5652317fc50ffa1c31961ae280aa9f059
SHA1b1d349671c4bb3ae9d2d4df92510c8d2ee07a9bb
SHA256cce36b14b7c5b5467c103d30e382fc7dbd9790df00a175ecb7c587f3615111b5
SHA512bb53e41ec545514c9d0ebc032855fc63e68367f54162af62c882a6a5995690ea50ae6a042a1e7eb09c5671f1357fc6412ab1235d3e8ddb71071ff602780a3a3f
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Extensions\ompjkhnkeoicimmaehlcmgmpghobbjoj\3.4.31_0\popup.js.LICENSE.txt
Filesize871B
MD5df32743ed051aa784d347b8223c278a1
SHA16614f0ce1e430b960e0a4ed5a0dab97f1a6c4dba
SHA2561d438fddc659f353fb3db7ab82216a55e71f6aa3afa2539849e68192037ea627
SHA512c1297c68dc205cf24eea15af69faf14345815e67fc488cc187bd270984a921530f541b4bdd29831305a43d6704babba17534e3f7b2648f2b7633f48ba8228f08
-
Filesize
8KB
MD5cf89d16bb9107c631daabf0c0ee58efb
SHA13ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b
SHA256d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e
SHA5128cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0
-
Filesize
264KB
MD5d0d388f3865d0523e451d6ba0be34cc4
SHA18571c6a52aacc2747c048e3419e5657b74612995
SHA256902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b
SHA512376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\IndexedDB\chrome-extension_igpdmclhhlcpoindmhkhillbfhdgoegm_0.indexeddb.leveldb\MANIFEST-000001
Filesize71B
MD553c5d32ea238754971204f08f6441e7e
SHA18ff6e3fe3c4d1d7d845444f762d64d370306e068
SHA256258715856ad8df137dbe5c542fbe6eee02ae2ff633d8a83e203b5bc5ead977ff
SHA5126f032cc61e53ce7b7382d8a3e37318d44b943d6d24d40c0973be0e7fb70f1d48046372180391762dbbc98a3fc4bfd16e0fc84f4c7ca85b6a32289b2ae927e7cc
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\0acd655c-8ccf-4589-918e-6610d590a431.tmp
Filesize27KB
MD50c91300e7cfa9204db3f0ced72fb75a9
SHA19c8601215d808b142dc59ae470abd168a9e8c450
SHA256c70c6c4d65a3d6e7a2c79087478b19f838aa46ae2d4b2dc02bb2ea1a3bfe67fb
SHA5128fbacc595062964e187dbf7d9773ff7dcf3a10b68a1e3755ef42b0c9b51d35e7f9adc766147acc4c4855c3ff51047904f1d875fcf1c4ea632e465795a4ab68f9
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\126bcb77-8a7c-4bda-bee0-dc26a23bd30a.tmp
Filesize27KB
MD59b00a5dd96607c7ce9a48a0e253aa5d6
SHA1ba0d5ff60d32f7654cfa7998224adff46935e9b3
SHA256354f5ab64937037cc28478591677b9cd55c04130525fd858ebfdb874411a60f6
SHA51246ac789ea720a69266da6dfa4fdf201fd858a95ff6db67edbf9a5ab5c10b1175cf1522b06d6e4334410bf0113fd7f048bf00d78d5d111ebb50007245e63074eb
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\1f8eddee-08a0-4fb5-884d-49e99c8b7dba.tmp
Filesize27KB
MD5a0caefb97c1150dd209a532206f732f6
SHA1594a34095c9ad12f7361c9ed15292bdec0f34823
SHA256fb86514dfbf3c5c1dcccfb952103e2732847c8d32e3417d4db6855fb2d07f5a8
SHA512808d445bbacf9c3ff268bd50c21c2c301f2ea0cda2ef7838217bd21ff9c9b890d486d99b9be55838f2ca261d572622f311017b812c3cf2d124ab1f3adab1faad
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\27b11998-3364-4146-af0d-7406be5949d8.tmp
Filesize27KB
MD5dd8e6df155a2ff5f53f81679d8701c70
SHA1392045fa8c2bbc94b569ea3a70068c8dc8d34826
SHA25609b4f9a23cfa587b071052ac7cd4803139d3f1775a11b4c552b92472d857f460
SHA512bb1b9a80f15288056a5792ab509451e841c7ad7b654fa7bd5b862bdf298ea8421c201b237d9cb4f0b64d46c40d0bbbc229161730eca3d5d957e12be515764145
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\424d0da9-6925-4914-820d-197ed0b6961d.tmp
Filesize27KB
MD5215273824cf72304bf5944ba076dbc10
SHA1478d0e25512dd05e4ec44b05f31fb206f2f9f3a1
SHA256af0c7a6ac2aa8f264e03a5ae8534b66d4d596df1afcdb7f64777a02de4ad67ce
SHA51253d4984640f3f4b0ad287086ea922a01bd7f1970f80eb515815da06acc3a90ef17fae79af6509e9e88a26283988a3b20917e974d15d32dc0637afba6d8c8a23e
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\58992bd6-85a0-4f5d-9f96-d3f90e09e677.tmp
Filesize27KB
MD56b418344f43ff827b75785b45e8e33a1
SHA122484a95499dea4ac2a3642b5b640174a5232f3f
SHA2563580368f2c00b14dd7e54aa1f642ecbb1ee99d50fc13470b1d6c3174565faab7
SHA512e3b1ef7b7909e49156e66bca98cfc6683de3cdd5bd71863d35736b55bf964c798c27c1b9228fec6a1d99befb480df3dd9fdc2916f7f66117b2981ecb3cc3d199
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Jump List Icons\d120b648-53f8-4966-8470-4077a99367bd.tmp
Filesize27KB
MD5563d3b0e05a88cb1f087592e0513dd31
SHA11e5bad428d5da8c480e37cbd01eb4dbfa4cb777f
SHA256909bba44e20b71eb1e0edc84221ac8d8180d14da34753a3ea3318f5d18983a94
SHA5122b5f6e547cbeeb9178391d4ff1a876344082a401610fc1dba6e888a818c2fd8bb3f348d7a988937efb9fe3c53e1179501783de35dc43509f26e5e4050f9f8a8e
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Opera Add-ons Downloads\macagoamnffgpcljfhmgiidmiahgibjd_61712.crx
Filesize10.4MB
MD56e52391b067c5997e69af45c23a99b25
SHA13d0152cfeca041f58576bf950d47cc4daefd3e9a
SHA256401f423c27782ea48296d2d245a8543563a0f34acea551c6d239b870ca3fc332
SHA512c27be0de53eee5bcbaf5e4d9e7077b4d9d03ffaf643b2079ee8038b0a1f8f2aa22a164f54dd115dbd5b75433e2397a65aea59eff8acc972813339179a4d1290c
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index
Filesize24B
MD554cb446f628b2ea4a5bce5769910512e
SHA1c27ca848427fe87f5cf4d0e0e3cd57151b0d820d
SHA256fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d
SHA5128f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index-dir\the-real-index
Filesize1KB
MD595f721a485d497a9b4599eaa870186a1
SHA10c104cfc10cde5eb177fa58196a6c10d4c036d02
SHA256d8e8ccbc31c4e6848409f698724f2a17c61ced62a3fb924350bff5d15e5f7a80
SHA512db94b9258e27e616b96b97088443aee16a51a3d4beafa2b64d21c84a36ec71c7eea64ee9b5db4a9e61b501ae50db40ca7ab6b776163e09690fa1b52e4933b9c5
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Service Worker\CacheStorage\3f89513be45eaa6ed6020035b50ed601a651a63a\5e8080db-c471-46af-bda8-43b88192b335\index-dir\the-real-index~RFe5e7f30.TMP
Filesize48B
MD5d3cd92aa33b49fabf08d4c11f1d7ed10
SHA1b59706dc0dd141c58c1a21720c55dd37b621bb11
SHA256b81172f4b9e161f693a9102e46f4ad40147ab725ce22e346c5042db5b591e17f
SHA512f59b272062a4d90fd5aaef35afae415e31e2894d24f93d9c9037b3de46c79625f9133f4f06d198633193a6c0e3e280ac7d048ce7509c17a47aaba36e0c30a1a7
-
Filesize
16B
MD546295cac801e5d4857d09837238a6394
SHA144e0fa1b517dbf802b18faf0785eeea6ac51594b
SHA2560f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
SHA5128969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize557B
MD501cf6b1cb31939899a9880828e654552
SHA15b57609534dc236c6acd8e6d306ffa3c7ddc3f98
SHA2567a35da85c81af5abc5238d9d0b17a04e1290883c94e4e574f26d34da51817860
SHA512f302891422fd517c32cf66a7aafa19a3722545f15768a35dd0e2d873abeec780dbeb881cc3c87296efb39a77b077a3aafd297d117a70f800bc9a1a0c5fbf3c92
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5c029322bda947b9876e1249617dd56f3
SHA124d2794a6efe52f33c701ea73742db24482ad866
SHA256d5d383f1d40ffa5ee2eb89afa74fb9672bad66e802d7a1353457608b3479ee05
SHA5123f5b97db6f816f9e5969a00614527a21fe8c487994f4faf48fa514f15e8514144e3c83b857bd4d7c7cb9b317570ed5007438c0659b6f9e88d09e97d34a5d0a03
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5e0296af14e92a651c32eea98b522cdf2
SHA1fc6eeda21b027a5873a2b96ca1ff91245f78c0e0
SHA256e62544ad47ec8338665ac4a7b93c0a1696b043f5694d4c87a682f414a6fe45bc
SHA5127af992545721aa705a2a3a416812274914901a6a3e0e6cdc57128737a5fb38e1946371454a7ce9826b1e7d1de3829a8ab20da69cd2e9fbec9467053d85c454e9
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD5c20eddc3a3544619b603e264740feca6
SHA124bbb20521fe4cbe5594b8909de36b3f8e41265a
SHA2563593b4e0b829754368de17a7fa86f578422f1198c4c7df6c8ddc3f03ed971d7e
SHA5129c9391cf20bf8dfa82090f1bf60f255d00d1ae6a2674ce50929eed1470fe7b4afe0396d1b1fa151ffc39326171d7154a52eaaaae2fe39a97680c6d12f632a1fd
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD57dc1d1ae2985c22ba94042d70f8114c9
SHA1a3a1befa42b86b7efbf56c2fa99be05eb806276c
SHA256b8f212b81404087866da712c9a5d9655a611fb4ec4262ed5529b0a2854e7459f
SHA51289b160880fcc944a916601a64cb57b3e25e71bf39426574cd9d159a098b1c4a164bcce03f1e9739a668403fe1b5f66ce211725f2dd50ab4f45113411eb70816f
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5449f59afafce9aff5e043ca18e48cbf0
SHA1a260f6be1c04177e71738f36669b816dc9d37d9d
SHA25644cc0a25ccaa31df61169af6e878d970236910ef1d31f1fca4e6f096dd82430d
SHA512082b0bfbf451eeb0096ddc7476c62cce5fd7a44d24fdbeac1687bb3bebe2d1e9f473f99ea1bd12a8b26eb1d1e59df51f5ebd89083928f3e6c253124b29c21a12
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5b3e5b9a0f48ecd7ed8978b9fa9fc8a44
SHA1f5c028bb3d1e1abc302d75e730449684de41d913
SHA256d93ab5c5c657521eda1d888c1392468b32c04555250bc039b6eba478090b33b4
SHA5121701c0eb77d072fe1fc753013f961abb9c4122c0c3b42f1be1742036d29600adcc9727346ea822d095fab2613931537b3f3f4150df4e0e81c559a2e9d720ba23
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5ae45b2f868af5975e2a59e870cc330c0
SHA1243b9174a601c3b22ddf9e08bf80d0fa2f15ffdd
SHA256e0c55b302eb67d20963848e5df16a852514697f9d312e341100d5ad66a5a7dfe
SHA512d9f39cf5bc31dceec116be1f0f4defe687f47204fb42ce7de4539bcf04283e7e34ee1e84dcbfd7fed60a13c9e3ea1e31ac77e37e6f235fd5e1ea43a88a972134
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5850dfab14b6c6247d88a860b0b7cde18
SHA19910392eadea480597b3272c0e93e0a094041962
SHA2567b8c2de99b6cc0f754b21ba7c78d1f06d3eec091acd63545f741b49b0f974271
SHA512edc29b225ecc70bdbe47f9c75500dbe88e7110e05f579c315059af3ba42169fecd90b0abebf95fdb4bdb23e487fa1612d812fcdc113fa7f4ae4f8e8785360899
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5235e4925a2bb13a8ed6265ea2a86c247
SHA12ce23251ddc30b6b913b33f53c65d5b565570718
SHA2568345671dc2a174d937bb1856f5ff37124e7f0a85b3cfafa6832b006c91ca6593
SHA512c14ac71a17451646b10897d73dc018b6463ccd1ee26245c3253384d3faef457aa90129dcac4ead3436e70a2c62d5f64a696f001cc4d61965f5508392db9fe4ef
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5a7c12d9c4dcb3ba6b042399c009a5861
SHA13915a83e8e521cf5e0c496639d7fe7dc20ae802a
SHA256565b4439d32ff0a2f23fa3e1703d10019bd9d8fd88f75c180933d2663557d6f6
SHA512cb0f1098996d1cb7b2fb8e543edfc8ce8ce771ba7ab4a92750dae7d5c51182e5bd06a97560f66ee1367d60b4cd7d0be8fce04eea109619b6f5c7e4b05cdfb259
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize11KB
MD5a9176068a4ccb4876141aa654dc258f3
SHA163bfa74e57146c80b603376aa2b59bbffa53ff9d
SHA2565fd4bee4f58473821d0203472b8e3df676cbd24cc5bd32b899a9bb0db49a7591
SHA512ef34a7b5789eff79d5b4ec5d233c8e38eccc0825fa790b42b82247ec0fd497f1e2a1ea89808e17385fa2e02553ec98e9351d595b3cadb77797e0a096668a20e5
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize717B
MD5f70aa31b4738c65b36c53f0529ed682b
SHA142a0402b90e9283437ef7ebb1c8568c6a92e6e76
SHA2565d12109e95964b30ea4dec6c9b98ec45f102ad5f0e5885feb41a37c7aa836bf2
SHA5127c33382f2d17191c5dc8c875e5c4ff6bd1423c1b0a479c3c1ee884055aeee5955b468036fe379ffdf40b356b2abbed0a1d64a5be4989dd9a8bd50d8a0294b482
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize813B
MD561d854a8f175fed485076833f81f9778
SHA1aa106ef35d20671cdf33552db34ece92302fc0ee
SHA256338bf2ed5190e589a5c92fed42d2a8ab5931438a085ca5675d99fc910ad4f2b2
SHA5129b802e69c1f4f92c4022c891bad7c22811b721104e0be5d941e15035ffc2316922d652463b2220684c93063259da28d09f5e6eec062e483db0d9d056d8bbe7b0
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize925B
MD5417c19ad5348ace79d48aad0a2ad7d90
SHA11bcd0add9132bedb890241d1abf8a97b4de2edee
SHA25673d0cac16695ca8efbc359ff3ca09962286a4ce451df71ce80a058ec0e89148d
SHA5123b558ca914dab7b59463c8691d5cdc7b53bae35ef85d88cbc7fa9e2fee57bf9638dc110e233c501f406b92b9c55c04c1ca3e30237df3fe1ae6a68075ceb8f663
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5767f37c5f4f76312d5695aabb2cd197a
SHA17cd0327fd9a24315b08618fb92895248748d4c66
SHA2562cbb230a9e42695472e9a51d817750fdbc61c288e49d1c5e20e1bbb135718a6c
SHA512869a451b5b18ab2a38bbaed0c95255269f0790bf83baa8e4cbe2cd4f15ba88c7312b4d038b90594f7350cf24343e2a5cb2c53bb3d15e0660197f7be6a8c2fb0f
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5c2c3f1d966b9b76d774e0921bacf453b
SHA165e445f5e06ada4bae0050e129467f276ea3c93d
SHA256b20975c361e0923a43ed7c86a0bdc07f3594f25e6979b76918b606854e50ef34
SHA512ef1e8f7722abc8383c0f884b5a75a1ee4aeb3f4651a95f3428280628764b18bd9d2e6a212edd7106bac487174de7338acb2e34437210e2b259a47d401cfeef93
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5c56c213ba40aea44a59de099996cdeda
SHA1b6cd36e4999caf2dec3ffb6724d736449ec8c5c8
SHA256035f4041a475d72fcf644b5192d960c7464d669ad6d64e3f5ffd950065ad2c44
SHA5121501ff22c1111d98e9a23c2790b6fc2c3d7bc18a94a87b08fb1f4276c6a3df52d6f552c483bd4a984c93be37024bc07d49c9286215e70eed8f799974947636b4
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5df9a24832b28eef706259f341014ec3b
SHA159c7648338d482ded3fed8d8e4bdf2d633cdeb6f
SHA256881b0757f98ae0a9ac150a339eba4732422bda72b06abc810b7a31882a9e9557
SHA51240eff9aa974874cd166603e0f25cd2d4e118a2ee14e3e94f40d73ae29eff81332dd7ec4a2a1c7dca1e9b1c2e66178a2398bcdf64a37c96632a7c57176e3687ce
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD556f18957795c0e75b65514d740f804b6
SHA1721fc56926adfad98fa26871f4d0808728a36c5e
SHA2561c3f5b490979873007d52e87dfedff3607e461c6ecf3e6e771fb20ec0d3a4e01
SHA512450f45e8f1a49984b6f1a2390fe33e2ed7420ee72c1a1aee44f8f7a6b4e8ed189e1f3ed67c9bf98337ba1cf15115bfb669b22be104ae95d077a2ba55eeda24c8
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5d344fd2e12f1c4e9633aae1189c4507a
SHA1118629d478e5f492bbe23e22dda30760963691f2
SHA2565483249900e5b304213bf78966f3a0d988c460aaa9f81336b97d4187cbf1aca3
SHA512613dcc0f9117c4c6e35c76bb8f4fbe5214789974e7789d6b92c4afb2bb38f205b1eca1fae31e7dcb414c4f1816c5f3c8883c6ddf7bbb531a9ba6c07516cbd9a2
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD52306acfc4b14db9aa7a6c1a8feabc0b2
SHA1ae28d5b5c2566d57ec97295782d1412dd7914617
SHA256b7909332d82a971a5fa1135b714aa3a97a502f6af75c7ba74aad4eab4b323da8
SHA5123685e3d638450960204a7fd1e0abc8cd5e0aa6bb9f053f133f621edc947564c942c6973eee2923254eccf1264f2fd564f4f43ee514d673e7e671ff982016b4d1
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD5f30c8cc732a0aca3217f94ef1704d783
SHA17505fa6a7d69a273b77d87050902a01f617eb4f8
SHA256bf8044daf6065240d234255e72795e48da4b99a6ff6e6230593f1201c7a817b3
SHA512b56c7522a34bfcb76213f291f0b081e3ec620d035197b26e99a5ebd74fb63e8424c8a0ce13b468e97f847c7f9ce76a8759f228463fe521652132681981d74d84
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD5062a3405fb4ca8d21407db6f89ad8445
SHA17d5129bb05b4fa860923c930e1dadaccec17dc51
SHA25627e4edb15a0c1ff8612190c0cc11dd0e5dda4c6e3773ae7273161639dd11781a
SHA512f2fdd5df763e19bab57cf151ff8c208310f8e08d4ab5af1b33aa73347c100c3408962eb10f48533ac4ee785d8bb6ffb0691a8925a04b9e857eee863a919c0e21
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD596feebfa9de02f5fdbc016d10319c04a
SHA1d3b075fa76ff443c3f20ca3853ae97265f7eb7ff
SHA256c28b70a0f203f2949c988785b7fa0b900e127ecbc450f007ddb809469fccb5d4
SHA512cb7d7951001bfc195d824d134d683d253f337d26db1da855aad2ec57ef319a85b0291eed6714cb2f02eeceb057df76c1a13f29ad2a02c06b642edc3d3aff3d2b
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD55d1b9cfe4833a7072d3f7c51fbcfce9a
SHA1f1c0dc46fb8de9eb9754e31d2a4a9438f377576c
SHA2560af21b4e760d629be3a432ed96175df3ee12e79c2bd2704b57b961b7f8c25582
SHA512e668d75a15e1f307f9aeb39a030f840fcd717c90167d497816ae3d530e06c90a07dc218e748b1ea6f12ab1a3bb9ae64cb378863294aa7221faff4f70d646a88f
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD508053934af5151978740d0b3d29ef71e
SHA1ab323efeed1b8d76b29826c1aa999b6f4f56b025
SHA256911deaa0556251a5738cad4e853740018d720b0e7fb8b717dd34eabd203b92a6
SHA5120faac8503b8c1ef54e144643be9ec57bff78b16e07921b4b5008d5e1bbf865fbff9b12130f5792db4bc062b4c6605ba0a021f875182a5ac74857cd3182b3ccb1
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD5aa12e77d3a02ba2422a87e3ce82ec520
SHA13b7d5e4041d292b195a1c4307c3caf2ab43ab59c
SHA256cfc40426d2f21bc09d497d18938f64a139ba206e6940bc41672a3d42e85953a8
SHA512a8e2bdb4a4736831f85f57601a8bcdc4692aa2d3064d34300b92ab18c4dfd6f33c49d046d45b80a6b2d7b29c0cbb772551545d8b4f5da44746f0d4eda63f629b
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD55dbd83204342c07b888240806e3536ff
SHA13f50a51338c14fecc8f4b1faa89c7bb2f8766645
SHA256f1fd545a71923920d6d774c038a525e2227a78108c2cd0be6eda231082b51d9d
SHA512ef0742a936c2f4288815151d8aa337293658c377c39b97b352c2a2be63ee031cb88b89920e61bc2cce752a77b2d10a60bbbf2372d37d8f52706b96d0730cad30
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize2KB
MD571c6b3d4a6bcef2db41c31b149853f0f
SHA102600d33616a4b35c82805d2744c26d16ce6c7c4
SHA256baa4dba2a3bdd237a2b41e40c3ef209dca22ba9e4486853576df591a0313113c
SHA512c78e20867d17196c342d3f81bd85997144f4bbc482983e43a83d0bd5cb77a713754c072759190ef0c2617174a6a159a7e2a3a3c73a4e9f39321293c5c288a57a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize6KB
MD54a57e1eacaf8f3d025733a747dc5006e
SHA1f10b418f841438d847a583e6dd674e296295c4a6
SHA256c884420e6b7038df491bc5cd95879cf309df5dae3d53ce17f7a901127b2ef94e
SHA51235500b8df434626b813186ce65ab5cc1aaf7f048a40cd44227c228bbed8cfa6d3d91b5d2e321ba9e212a726b5361e1a5b0d8018f6b61748114884aef7a2ea6c6
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize6KB
MD520b4674794dc05df7b95134f54025c91
SHA1df98374dfa3e2952957435c47104519a43a0fcf9
SHA256dcdcb5723439495037b264c5e831c1df58ef5e04aeb2cd638c5f3413ae41667c
SHA512e69f4b263fbcb51fa29ab79560987c77893643b642c0a45302a2277403023cabcdd6f1b5a39573aa36426c05f66131b3acb05a0e41f51f9d87e4d28fb64fcf09
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize7KB
MD532366e3d9d7337981f7f02a141a38360
SHA1821c989350ce0efd9326a87933d47cbe247268a7
SHA2561ff83717302c63f9ac32fa2bc605cceb84dcf1d45b6c07004fc7d4654a04e8ba
SHA512213a60b8d34f328732e431a523aebc8387656d67ddd5cde1e70ea727a540ed09a0e0809e80b5f8fb59ac27f6025f50e6eac6b41ee0b03f8e138bddfda30499e7
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize7KB
MD53e8f7d73ab642bf922815a2daa75fae0
SHA1a1cd532340090e13c3c867071ce1cf1833bee517
SHA256db6b24b6f7e8a1733b973c301fe48967742aba17646936308e7dcca9554b4997
SHA512249c09ab73ad197d6f3323ac48df6b86f033ac7794514595e3474a132b184a7673484ae77b6d57db4eb8357dc865d87a403915691123e715b745d1d151f9c2ee
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize7KB
MD5d5cb9558b627d2989bafc68f6ea5c5aa
SHA1b28fc4f53c65957a54b69df2bae47e0dd210f18f
SHA256bacfcf2a70a77cf6ce5a5567d5b39024125e2e76e9f53cedcd868abff7c7d51d
SHA5126cc05c70c0113470fec2c1e49b127b423f3ccd4ca41e3ba1cea50671c0307ff77ae4cb9611b20b9bf75787dfc2741c673de92cdb67bd94e333ba58004da0aff9
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize7KB
MD524da738aa1e89553029b5d81b5649301
SHA1ee8df92cf7e270618621d833be6097fff1e932d4
SHA25651cb8b72f63a2d8d8b5c2f723b717fb51c118fe1239aea4cce0eb81ef6eafc16
SHA51251b1fc6464a8d0b80b4c0d75f6a69cc2b0328ee27a5b1a4b5b9ef437a3e45ec2086c407c13e4d6e061062a0dcea4bb2fbf75f600358eca53c834cee8114b22dc
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5d942a163c548dd78d819dd806d089bd1
SHA1b89342bf600eb1c0c1185ca71c456284fdbe747b
SHA25609a6d8982aeedf272bec0217c3104bfaf629d94ca96098c19fddb6b26b34fa2b
SHA5122abb6ff95b9efe11f96b70ddebfe16f058ab011a1d796573e6353c0e85534a4ea34c268db204d7ebd22b46ff790bbbfeb604b5615bc9977639474d2f80b1f9d7
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD54bb7fecabe9d6cf8f459dd5fd9d509f0
SHA150adb9a204d4d62c534807d2b076474a35ff40dc
SHA2564e26b189289e294404add887cab7608266d5d653818576335d9f801b281618ff
SHA512afd0700f75ebe36015643fc2cd6ef7a69f7bf48ef915cb184fafe92dbad94580cfe7b831d1c561a229d342594944025160b980b9c1ef3f7fabb2143ad150fba4
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD594abf05026f45eb0d25b09425ea7bed8
SHA100485d814de76c097b24936c60d4efdbe03156ff
SHA256f3e1c8af4470feecd06f8d388cc98cb06eb5ed430b50366d2d9c9faba92ff6b5
SHA5127ce0738d8a724115af682186d049f3076730b91a30822c37f1bc564511595e25a3f2b67c34f02c59568517a79672231f50bd1f5365509bb6cd64f55b0e576238
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5a2223895f4b22bd0f7b0249263f82880
SHA1054d0c795e9f84db623510f336a094c8e137d525
SHA256ad1300d431ad456f9646fa4be792a515e79fb55a7d25228fb5ecf85efbd12671
SHA5125dada59b4ebb28a316c0d3046a1e566ac2a5a6a18ec78f35c616a3ab0d08c8271bf61f90ad5fa2c16803485580ebb3847dc47eb1cba5a8dc7e74b34a9521d7cb
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5f87bdc93fe1b24799a8386e47c048c75
SHA1ea352d3e7d20ab5ac84a8cfdc6bf21d2a5271d28
SHA256f4d235d04574167ecf7ccfd9c2f2974f02a40c37f946cd4cc64009a6e6c6b014
SHA51204a56bd8a18a8f8c4e9d986759ec5206a7b49e228d866ac8d1413447b04e566fe6fdd81d0785e219e851f4c98189301a85b9e5721af66ff2deb6d63e19eddbe4
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD56bb7ae438e82decf83a65fcfd8435585
SHA1ec35add054ec834ae28d2a56a545c1cc9e8c9e9e
SHA25617016923eb5a7ace7a7e5bf961435dccba160a119007facc6191e2afc122388a
SHA512cf7cc9d08ee32aa4462b3dd1947abf0d86573fa9bdcac647e7f64e0df3057ca0a7c6efd75147e8ca6aaf2ce83fbe55dbdab799097704f4c13e98aa04e7dd640a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5a747245e23bdeb6a5922369762b300b4
SHA1ec57c7bbe1c6b86742984e537f9eeee20f9e157a
SHA25668995eb0768c86217fea227ba409a66a8f330e566237fcdf3ca7b020287271a9
SHA512f1462d3ab4991d96d5e54c159d5436d73f69d0997f0ddd8e5fbd0546241b41b9ad74b1e29f522c546d943004bd1e8a29a7370fb059f4a9ecc1a5442ca213a7c2
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD568bb5a06f6b8d287278c7cc9a2b0a023
SHA10a7e26cf282852415ac04a769ff70e884c7c54f7
SHA2568345836b525e4a5372c98bee74faa61c44718ce4b2787e5f1d084fa8a91142a0
SHA5126c98824ab46bcd42d32e90f8fe797e8fd12c35915ce44fb3730e071dab427d1c725cd09cc70c3718bd23b6879bda77e95354a8d60e0999123d884dc95b9818aa
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD517ae0eaf45ad8330a50c12533830a59e
SHA1ab1f22eb0cdea25050ec13790166541adf202b07
SHA2562b37d6bb840c504bea27871a99f1c897b23402f798e93f47f5a2e592c3a355d8
SHA5124fe13d552ddbaea88b5885267c85cb23188c6384bb3d8d6e12c73e3779dc1fef292c08ed20187f0e593f3a251bd7b32f18b37d6d44d025ebf1e2f550811c2cf8
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5d1ea22db7e3d9f8850a7abb475996797
SHA1c09c53ff7b9223357bb932aaafa62ce9b4d800c8
SHA256510c1be6fddd0c48ce830c375484129cb8b66512c8ce8e02978fca94a78d9437
SHA51299448e7b485be11a2ba1b7cee9f35dfa3bc7e1752d3e1cee48d8e19bbd196764425ff94df122171f2e59780eecd8100007292a6edd97303f00f66bc93db19cc2
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD57c16e5d1e0d8fcb3dc3e6bebb3e1d600
SHA12bcfc3a738c4b21bed949a9b0804b7eded05a382
SHA2564441c136945df7640e78fa6075c0fdbb66af9d81bf9858e5e308dddbf5071d37
SHA512cd8a461d342c21e5450778779c1565fb724b9144e5c854fbb79263a08f8d122495251fe37d2aeb28da13486959cacab5c129e6ff11e925a062058671e2ffc44b
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5bb03f70614b2cfb8f112dc7e6cf94f19
SHA1974a4c8aa5fb184b42ea623e5e24ebea441c1fb3
SHA2560ce8460d346372391aab43f08622f5b14213cbbdaaee97f8d7b53c537848e911
SHA5122b50fceee6362e6b4832d91d12787cb731f2bad3dc5426fcc266f55b2672e230139d85f311966be537a646d63522802befc7d90b22178e3309441f8da356aeab
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5544e3b82035ca15725445a761785161a
SHA1918408ec9cbb4ff07a181c35d9b587ec5ef5d65b
SHA256ba09791c4a0bffba5021138e62647d5c6e642c1a0c0d67d6f970aca92c45cdff
SHA512c29b7025cbf9f390abf0aae6d4d2052bf38311ecaa2ec5646b58f30c54ee5238ac4aad8b4c22a315b219be721d162c5395ce2665b90a4350d4d0d6d3b5734d3a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD580476b7b613019370d26a925e96cf780
SHA1edde48932deb80e4773eadb7d88bb8190b1ca0dd
SHA2566b439d3db65cdb04c38b17742a3e3b8517d03de2c0f7ff02ced4dcbcc24bde67
SHA512902eedfbb41e732ad8867c03543362624307acf3dfa9d995d31c8f841cbca4447d828c0cd5911648eba5770129032a54cf963a87fac7be075ad096307001d769
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5d12db851697be280c2edd82959df1b62
SHA14dbe38e461f586c5406efd9aa6ebb0b33bff81dc
SHA256367559edc5bd48d4a739cf4b0e71df635f2828ef7077e3e1b29cfe9df0732b60
SHA512ed28a32d80a0cc0128e31d19f2480738c3218324d109b51c06aece8c608f8c7b1ec79fc211feca5f4c4a0c4b4ac5004d7b3f4c11c2734c0af83085ff0cbdb086
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5dc8d0239f9738b7c989016fdc6825f4b
SHA1829977c58e3c5619e491719bff574b6517d4a81c
SHA25655953c70cfdcf2aee74bb8d822dddd18ebbbe1c1ede1652777625670c1f60df1
SHA512d42143a0d54c043828340c801e90acab74e1855d994b3eccd2a6c7533d423c2969e645db8ca5ab3ad231acd38100c7428d88a57e9c22baa4c692773d911a2cf7
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5d4cf370895e285e2b8dfd897c9ee09a0
SHA134ca15160179eb72b5e943dff0fb65c79ee6aa85
SHA25641f06f4fa7e6af6f71fd72ac7931eaf38b7e8d793944c66bbc79cfa651fd8228
SHA5127dcae7eb01349c59a47e1ac5aca52ee0968fbe4021e78d1a44a755efd816215d9cbeaf1a78539fcda5d1485fb55460cf7c75f0a5f2a0c0c5f7e965855b125212
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD5af331c53275c090683a4c2144ffe1b5f
SHA1b4d6469a35b4f52a25f845e35609de1a2cbf3af7
SHA256e4caf64cd69b4d6d0dbbc13d18f1a957299a95a81719c0f3603da42e0cc3147a
SHA5121fb656024674a5b3533f0d4425addcba2669fdf3c01196476500bbcf56bf298a9d4dd22328c41f03760e2669998446717272a2527f87ec89ae8a9bf2ecbabf96
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD580c60da4c748869048fbd5827253978e
SHA13f198a611f7d42abf6343e26f09510c0e2a07521
SHA2569b42e03838879dc3e3e6538ac131c1dcf46d9a776b824745ff33414e8938da05
SHA512644478073508d51099ce4cc674e7253d019f102205046692593c8e04802c46be7f5a90f77402750770faf8d00aefccdbf45444137ea4b26a576669685f4313f3
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD54429c28613c7c2994d604590e79beaf6
SHA1e905eb4eadeac14148bc28e12a32d656bfdb8ad1
SHA25675a5122b5647c700df337a11dc62d194ab972c40454154e0140d1ec47a9dcf7a
SHA512b9a402fc771841500eb7be2693b8876215179c557a9e6c802954e0bffa9e42e1d9b70e327fb5ea1efdc7d9f9feeaf1cea794f60c1023dc77230c2d1ac06565e4
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5faf3451587061d40fb3cf06be087de71
SHA1f2b0c7854fd305314b23415876be2cad603ea7e0
SHA2566a72dc35675c512fcc0f03ff93064d44c3f7df4c33d7f8636f0d223741df79bd
SHA5128f51d63cdbc11d9382719f858ac4715a1977453cdcb3872e693ecc5ab37d5157b44dfd7a482bd08e0b577654455f5a29a0592687c5bdf839a9f8738f87c9c1a1
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5dbd00e654b4f60b6e14661c827e247dc
SHA1e61b89f9150514a04862b21d633bfdc455659da9
SHA256b49ec3d99c664db015b135baf90bb52f886f18f5abfa82733a731f115415fe98
SHA512b12810ce011cb2cd1e498762399b70c6df62f64a2df458f96c24c21529c198ec941b2ed92257fa22520cc51bcf5d7a7057fabf89b94040ef718df364f860b954
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize11KB
MD5fbd7235865ba98e2a2c2df9583b1acdb
SHA10806f37e490d5bc04d883dfa1a8684970b7cd58c
SHA2561ff2545ec4bb598d6083a288ed291ac138111f5132f23aa843c62559da2fbbee
SHA51276482cb8078fef25d8cdfacc804f4b72aecff459c0cf0592ffddb7dde104e8e2cec1d9e37a210603b90f07695c1cd950481f21c910ae84bf0f1853f8d31998a4
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize11KB
MD58bea98e7c71d51f0f2bdeb9c56a123e6
SHA1f28bfe4c7624c8a8f81bb8d931446ce695c18f83
SHA2560f9ccb7c028dbf51aa3d2698065460085097a72cee184c7607c1272db1fa7c93
SHA5126d8b07265618d6ab09a0367ae0c7e405446f6fa0277dd7cbf0bcfdf6181b2957ab3d0b2365ab2a2e47d6c146dc3ac6ea92cee4fb30683f6e490ef934057a0434
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD536a956e99a74eff3a23f535f1035f18e
SHA1b392c5130b2395a07bc5eeb37ebf7cb9259c272a
SHA25689989e41576b248703b35ce911fdad1854d87e25df36d77cf93544fa5e723254
SHA512605533c0d343552d8b52f867209cb542e9c53accc762f93ec14568d003b5770affce5970e4b7d41d55d035757e4c48d8b31cdef0098de27c5890b5a1fc566dab
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize1KB
MD5f49add9830a3c11a425971f1ad6c1a2a
SHA14a3196eb8e6591b6aa2d33e79b35820bbe50782b
SHA256a688d4a1267a1f36dc578d331b21fc43cf3847e8c0f8470b48ba34a22fcb0d5b
SHA512e7f46f1ceda05237aac383b11ee75a6ad6fcfd4f04085dd3d3c3f41e94039fe86ff39ff16c4399e9bfb89e392740d268127c1f376720e949fa368c2bcffce607
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5beecc0986b9be4542ec9c764e45a35ed
SHA16dc1bc3b19e2d2f1920d24b28e7b7bf55eae1032
SHA256fe5e0ee8f35d2d788fa584b58c15d70261722b14726df016edf95c00f8977e37
SHA5123d3d80441b1099c6f81f9be69bf05981f4da15e5f62bf0d21571e16f77be7f94f2fc5db9fb994a36726b6c1ffbfcc9fb94eee1c4df819e7accbcc69b4dbc6075
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5b2b01c6b642c38109d2155e028659df9
SHA18f88f0a43ad2d46b9412f318da73fad1edbac962
SHA25612013af53e86a57e805c92afa8fe9dd6588c0edb933db057095b4a7cf98244ef
SHA5122297156c1ffaf7ce6237f9054341460138ac852f228b2079bde991329951f07ef47e67d513cee028bbccef17aff74258b813b491f7594cb058fb96c728bb6b54
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD544dfd1f4aa25c1959b7f16ed5d2aa1b9
SHA1c7813e3b98e03ca0d3415a8962a5ad3d4bd715ad
SHA25634e232b5603c1e75834f7159b076447026217908ef9a44c328764c104bed6c73
SHA5123a76ada8e20f07bddbdc2c74e20fa08e21d77cca15320247d691de60ffabd015c6887eabde43884e1c7eb5938ae74ab660f968f51e31bab1b24c47227dfc40ef
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD51315859ae77f7efccee561f8d769499b
SHA1448aa07cf9e391751761af2d62704e781e566d5c
SHA256caefabe455ceb223596c563044e5c27084065954be2563dc6589861ed24ebed5
SHA512d94c96d06790043c8a8727c47759437ff65a1701b9d57554b0077018e96b7a3ebd6639c39d47e71879e2bfc5fb043b4ff523a27642ea1c4e53e54742b879f675
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD54bf0e0f982471d20607d7ca9fc4530a1
SHA13c46d8e5e9d1b05bcd7014db40badab34727ba6e
SHA25608363b9da440279fb67be0fcf1ace0e9dfc962bac0a4f2cf14354355465decf7
SHA5121a6612964aa0986476e53aa8bc9bf19cdacd18c77e7ceae20db62c65110a92c8608273760758deaebaf01217384a3376ce1e8a30a8c72c42891b4e86632c161a
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5e5b4093533c2147eebb197aaf4458991
SHA16ba76eb01c9c53d8a8a9cb1590ffc51dfc3456ca
SHA256569368e70b627c2d6f8e3c13e79a855d345cdb7575e135a338e3574a627c5392
SHA512464a9232cf7402688556607aa48ba10b82c65704d0265886a641b97aed09b37686f43c4a2dbeafb08ea54da534186300341bae4fc8a9e883ba4458f5fcf1d3c6
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD530a6abc9a281af4be57307eb40741874
SHA161a0e07a66396a6444a59d9a371ea645a1e05a5a
SHA256648900a39840c9802d02d8920f49e0e183d15f9cd6dc74b6ca0a34d3882e72c2
SHA512443acb7f07dac1fb1419b6930df44aa9f17751bb9074c25fefb7a8c9ba4552ce96b69636588c8656148fee47fbfd33ce9b2dd765e8a4143e3ddbd877a57ee921
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize8KB
MD525f5a327dd5a4920d634f59a4df4daae
SHA11c63bad8b2b9b2d039899eed2179d9e5549c5748
SHA256fda273f96a075409c5344316ce5df216f8c6aaf7b1e2e58c43027d6b735daf8b
SHA51252ddac568cd0ba89a501cbccf847f9d01b1e1006d53f9df46b823031ab2af3a448aafdb779d7607da4d89432c91e998244c467d9e55201363c22653df4c6aa2d
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD51c6f1aa1bb1edfc636b1db77d6aceb1c
SHA12c867a74eaf82681dfd5b4101c64370ffbf9e2e7
SHA25628290b70669a3d63d0fe88ef587d7c1a4eb9d5cc8976dad1b601afbd7056732f
SHA512016aabfcf133f73698107a120218d2ec908aafd3fa28b6eeba2148ed60663960ad4111c4f5a4e25c84ae1ac00d4a66367ebf7dc599507d784b9b5cd8948379b0
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize9KB
MD5caa5e4daeb2940b6d669577ab125d4bb
SHA160b47da296813d5c2cc4e4ee01c8923110ba0e9b
SHA256bd8b23d230dc0afe79555ada81fb1e6402521168a9b510c6d8568686aeb9fc0a
SHA51291dac2989d1c439131666b96ed33ac079bb0dceeca5a76df607782350695a0988bf4dc2422b0ba5ce6be0947ae1940fffd7de6b49f3a6d5f45d3585819147ccb
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD53f1c4b2c66bde4120512d428d2695f60
SHA1d111ef7c6461241ac7649c7ab110917e414d3e10
SHA2560271d1e3758e5730ad9e5ca511f3500a325bffd7a230bff0bdcc5274455bb9e0
SHA512e7c4dcd99ab9e6d5dcd62db858c303380297f37e6c83ca7f097739d46e30215eb72f43f62157d64f7a26c9bd7c14a88ea7f5cf40afb4dcf943878759bf567468
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD548d22362d78a44978b30c14d34b7be27
SHA1d2c254be0d069892cd061ea1729737ac199ef017
SHA2566e9d405af6ecd37331037c533f6ebd42afbbbee9717c1ffd06f98f431628fe02
SHA51276737fe2277c0002b88c31f4897b3fb35edc275c3ee74e8fd5fefc7adcdce9dda935a77b9d733a5c112db25becef0095569e3a17dc71542bc529f611e1c417fd
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD55e096ff224a2fb021382a85b40540a28
SHA1f9357a59d27a54e30e6d0fa8d41338bf37e0388c
SHA25667bb1334f285d7e1286baecf539aebe000d2ae146123dd8ef49f0ee29eeb0bde
SHA512ddf07ccf7b34b5d24073dabeaa1fa336baf33d14f6108be3c2ee6a32a57bc4d1dd112c373358548a4577dafc3572a93da85356be04846ec832368960c156f39f
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize11KB
MD52fac0880c456d9f35d3a8c396da4cfe5
SHA1a9a45688a685faf672b0cd31bf792b03e43b1b48
SHA25671d5fc571cb5b02ed4c296f716f830f9d2c9bfc7cb4985385b50d160db4f3266
SHA512b1cf5521026c23364d18de691400f19439a81937cc95431ceb208363000dfa17feeaec5739893e73184db5939c8ddfcd87f0fa28388b492c7f8981c417a5f87b
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5f7a35e0cf69980159ba0cf99abdb102c
SHA16af3f2ad8fe457ac13754317810bfc4190932e3b
SHA2569064ad34910f2192aff351db52a1025fa57cfe834794d1498c02cc35ac36cc47
SHA5123d79e08955ef1810e9eb18ab6577cc8f5ed837c70ef5257d6021d4fa0190d6de8406f42ffff95fd0f55ffdff3b4287fef8a7ce806713bb6feff8ac112775a3c5
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw
Filesize10KB
MD5cd5bce1866ff9943171a24f9213cedb2
SHA1b1a7df3e937cfe45e2ded9114c9e31f6e1a75d42
SHA25608a360f3fc396e0895524db2b25b624e156a2b9c505452bf82b7114f6d3105b8
SHA512d5bfcb194b81c329bda3545fae0b3b7392941070c8f410fda98a88d46e03ba4acaff8870b65ff5aa5d3b26718f9d622996e4c4827f974a147f82ad950f87cd8e
-
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\StatsSessions\session_fddb2d35-4244-4353-b037-198c3d42d36c.raw~RFe5e565b.TMP
Filesize461B
MD5410e59a78743261881f8ee61f89ddbc5
SHA1853fd9fb733418616b7d5cc9e5dff670f8a594ae
SHA256eef0539226e9f78c60f0154078d0147b4951865cf93af6ddfd8df356156d1a00
SHA5126d0954eb6ac165548c61af3097692468c395f103bedc0a37e8a45e863e787e75488ec023e6c65994ba7ad6868682a735e88f37ee09faeaef37e735e6bbb3ff85
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
1KB
MD562d514489691dbdf357516a90597b57a
SHA1d371f66364fa13e7bab20c36cdea402a306fac43
SHA256c5bafadad066c864960a89bb97b5aaaa8231c07992e7e71d14e845247b657d32
SHA512e7460f48acb77cd2312749c68e8fee8706f9c576c5fe0e2dc9ee3ae1d97d3c231a3f19938114e41ae260662ec650c4deb8e6de8d092f1e4ffdcb89b73aed643c
-
Filesize
3KB
MD58a999aeb2fb7cdecf7358d8bf85c9825
SHA1095e13f8ffddb346a2576629e75f2d9ba5039829
SHA25642b462e4c3de1d9cc7cbfd1c7f625847a9085592f836fe0feff4692b65dff947
SHA5120ea80839044c5b5ff2636f10aad7ac4416c8571232ff6383e28598c9f5e557e46c3053949f8019de7a492a71064cfbce3c11a7d81ab4036fb04711a1ccbcc001
-
Filesize
595B
MD528126be1d225323353bf93dc3d9761ad
SHA14c982cca2dda0f7d85e23fb381483eb7ed7aa749
SHA256d7aab21075e66d5e87613b313a79306ceaa77e86bb7a52259293b26fb4450f6a
SHA5124f196b71c0c5e05eadc079054cea32f98ffae789371c374ae1366f15b7297684fa02b318b7419d8503a23e84283d8e6d414a7977a83c0e7652b7b07aee9f8276
-
Filesize
688B
MD55981a33e4fb5bf5a6e6c696c1a18ce89
SHA17946f39a356768c86276434ab5eeb35b663b6829
SHA2569955cee913c3bf3aa9afc3fec27b039057808852e713ae1f49946007e551470f
SHA5122bad38829d15d1279594f5cb4da6e01661b2786b09c54a3b63e130744c73ff78847dac9ba88ca11069bbacaccd5af7b0cd479ef6b3ae37af35ecff2ced38be8c
-
Filesize
782B
MD5db30790ac5f6f9603ff863d2ffa8f003
SHA1b0a6a41f47306c658ba2dc48fc1ff2c323074f05
SHA2565e57bfbb053654128d3c5a36c7f4a0d419896c7b91278bec692342c4d72dd710
SHA512f5cc430903ecf24fc439c241c059abf10ab5cb3e5f84a0c5e61c5ee2e9c95295cbaa3c5b0c8d61a280016407be099845e9d6a9ddd35614ee8120102ac29dcaea
-
Filesize
871B
MD57fa0e15f1a2af2b2d889d469a040626a
SHA1fb820a6574469556b32311e0dfbf62393dae743b
SHA2567360c177495e81bf44007cd582c8fa4b53bf98f05a95a5dc571609dd52c159df
SHA5129d05f0c692243b817b66817e2f6901f9afc66a96d351bc760b708e9420fa90f51b6b939c9a230f537679314bbb70ee87cb8a7b31b0e8aa7d54b1398284def618
-
Filesize
969B
MD5701de4c762e27eeb957872bf4cc466ea
SHA122e59adc4dae38e57151fb939cae1784e5cd80ab
SHA256bd0a057e57267e5637bcd15f1588f7f669229626eb4146f68fa643b2c2ea6065
SHA512f853be51d9140ddf16a54449277a3d4c03e4d41b3a9da5d81c3b67501ba8efa5fe591fa12ef5e62878fb5e9e1a4057a13e2c78c6a02f83caa3ee2d0e46765549
-
Filesize
1KB
MD5ac64db514dd041b2277e2717b0b6c851
SHA17aa1bac9730a04b5eaa21f60bf1fffe7e3708820
SHA2569e4d9471da9ac8ce2527c4f3b32d9b7f35ed53efc3d28193012312865e588157
SHA5127cb631eb0086b4b113ed185c44142541da66cded684f7e100c9c4e970524b62c53ca32fa16f8287c09e505a41583697cd0e9c603546302a70c75ed971d11c3fd
-
Filesize
1KB
MD5ef3389640995298c2c8a1cf37433755a
SHA1f4392836413d9aa8a6e8295aa561c658aed2e33e
SHA256af09bfabc93f353f4871b82a5834e2ca517f496a0abbe6d38a634df224da0f39
SHA51285712adf6358daea342eef8cc05e6730b3044f799057a9db8771a6a8cbeefa219b549193868941142d54475f50a04690823b0064f513ca85557a2ecbefcaf71d
-
Filesize
1KB
MD5e37ed19527fde5a2ae8a403657ab8558
SHA1f35d753359cff7682e05299f75988b23ae656945
SHA2562c760ba9d46fa85fa2049e37ebe9035e88ae8de5ebf37faddda96a6af1ff2f78
SHA5127817e3506752a99aadbaa02bf97439868aad36c4eaf119f44250efa00c70d72cba32591a7d0d77f20f7fcf191bd13ef9c9d5ab553e51ba3e09165b7d08e6dbcc
-
Filesize
1KB
MD5f083ddaeb8dee976149706adec72933d
SHA16726c08a5e9dc3307ce737eae16381d1aef151dd
SHA256c48b400c2efef2394d37c3b913feb7bb6ba7751d9038baa526bc892c1fab5f40
SHA512b075dae4792ccad9f178a87a612cab1a371d6bc25c0c3e3b28845b87f6b04d9194ee932b8a4400363f64fcc1056f030bc731010c4c09ddfb3dc77c8a4bba2d9d
-
Filesize
1KB
MD5a2287e534672efa021dadf28ce3f2d00
SHA1830bbbc5bcb770f0c443430fcba5fe5d6b9e0a8c
SHA256a455506f667f45baf3d9bd52aa5a9e6060f39e05fb16c72d2f2cb75b03073269
SHA512e79a5e01c27591e1dcbe61ec4684ba46abf926b79f33d19e49ef0631cd3ffb4730f1123f4654958d946a909108e97f9312d425b720007bb5e9094ddd1b61181c
-
Filesize
1KB
MD5cd3ab425a044c6a9504268f9a9dcefe0
SHA194b751761f54837393cc4c98b16ea8e1726103b6
SHA25646fda5ab0017065c9195a9c6a19d1fd9d5e75dd430ec64ff7632723458b83f4b
SHA5128f74573e83b64fdd91ebd811d57bec898545623ae4edacdd4df8484800ae801f35bde2eebafbcd3a35b0e36df3f4d8ea38eafe4888b8d4127784a40b09b38709
-
Filesize
2KB
MD59faa3dc73e3f3f9bc410bd908da6eb94
SHA18e75290f56de7465782905c91828c8150ef383e5
SHA256b90521c8a6100c079d1917082bdd6fd95d8ad75d55c37d966921f784919a0740
SHA5128356644f1be92168ff24bc295c3de754bb8746fb5cd461d7998558378e9b23c58e4395bdc92ab1ade39069fbfa9a0073c6acbd6150ab26e4804cca3c081291ce
-
Filesize
3KB
MD55f123836dd6c3f7a06b21e5d7024a377
SHA13612f2f40c24bb00ada730a768b441fc21471780
SHA256cbb1403c9990a859afc9c65af579747977d8995c87c3dd03dca814048c01bd69
SHA512f2b2633c96b28bde8786d40e5c74c749b01bb58523bea600f2f34e579bdb2fe3cc8abcb774f969e84464536e33ce020c5c236e2616b50901b728b98bbdfedc56
-
Filesize
3KB
MD50d523d33511d4d0da586995be16f7c5d
SHA1dee3f5ee53af0df9daa68f016fd3846235a638e1
SHA2561b6bf046cd474bdc95f81f15d44e4173f0ca5d085f8e95dfdeb912b3cb1183f3
SHA5129c164203d049543872dc0ef4f8022ee99b66061eb842bbeaa1a11c2c19632e679e677598cce3a3bd3e012c8508ba529c4efdddbb39484646532a34e166818a66
-
Filesize
3KB
MD5c136a1eb1a5632b3770217a34b1e47a1
SHA18cd53efa3feaa72740271c494b685dc5294c28fd
SHA256109e848ea80b8dc2242ddf5d980ff3c920dfd92302c23901c09812e0cea6c014
SHA5128d90b6c51e2d1aa389eac8db6e7aa01623b6864c0035e2cec80464b16a9dab2ee2a18ef1583e0e38c011410c2216f7551c67384c1589084a656681344992f1dd
-
Filesize
4KB
MD5cced5d1b512cec38b484cf6347b4ff32
SHA129984d006ea50cbf9f86a8ff0e835f7c47eeb02e
SHA256c5cc27082800b2404a0101d48bffda6b3f6f8470b82572eb4938bffaed5d5188
SHA512f1018bcb84c7bfaa73c4dc98f0b2075b460396a21608082e0e9fcda19f40c6e6324afdb17bd56a1110e14b6806a836d6ba3f21442c6080701bfd55c6a5de2625
-
Filesize
4KB
MD5388e6e1a6c6cbeb31daf95a2fe00be55
SHA12e6a73864aa31da48dbfc0543f4e67f2cf23eebc
SHA25680b6c0b823bbfe6a680fd675de32598ba8dbd657189ee2c1fac1b395151167d1
SHA512e93f51bfae9b2eef848979c402db6243046098f48c2098d5d667c75d19795012402db8a1ac5b72eb6aa2d52f8c06e3f057ae827cd115d07ec7b91c630e81a0e0
-
Filesize
4KB
MD5fd28037904fad5a56134fa2b7bc3b189
SHA1c6944c515936d610c422fee670064e22d6e7070f
SHA2560703e40952f3778d4ff589e7a7e45d468e8479f6bf43f3ffa55d6b1d7746ee81
SHA512c8482222ad3ee8e0046adf2d44c60f564cff0583c26e0f0ec2f0d282d04f3cd16a9d26ad01745ac6af1a2c2d464311a6e3e1003013ec66aa563a5defe1337061
-
Filesize
4KB
MD56bfbc9a69732163ff54f469cc8d6dd82
SHA1e9d8a8e57db5259e0737106209ca1a27d0a978f1
SHA25600ddec35a7788796b5338493bdc03740d4b09f813fdb89d18c063f8f50cc667a
SHA512a79ca2ffdc42ba2239b063354651eaf2911eec4657e769ee8096a7f68e485574db97c8e5b96f602a5357ea01f0f7e4de3540cd13a2188c1cb05cafb25857eaba
-
Filesize
503B
MD560a6b29a5f19bbb44aac9bde3ecc7e57
SHA198461eb3bd78b34998b53c10cfd5be58db3ffbc7
SHA2562843df26b772378be7b10681ac16141c1523edc24c0d829051315ec07c79dd91
SHA5124d3e8ce62c3a60fc656a57f9cf2f90642d6b40815be1fd0728291f2294b344881a3ada8e74fbc4cd41832409ba83dc982341447e1682bfbaf38d1305fc5f0de1
-
Filesize
411B
MD5e5c67b1d4e10398231f5535d08a7cea3
SHA1fad121dc0a30a635d27a736ca35918d8194a733d
SHA25686cdeced39fa591824fe33c793a36bd464c6ded818daa8afe500eeaf4573e76b
SHA5128e1c20f5f33de721f058854e42cf1d6099035e4afb5587415a59787ec7ad7eac739735f0207ca4fdb75547203f46cfaff56a9495eecc87ebab60ccbf54fc63e4
-
Filesize
200B
MD557db1eb8f4181aee907359c56b35acc2
SHA1dbac895ea87a94746e6ddc072e66618b6ff23c7d
SHA2563cd4e2d3185c27ad6ac1f9e264f24b1bcdf163e83b93a4ac5004b242c46bda0e
SHA512f0603add0b5be80925e587684837ddea3f42b94b0bca54ee0e963b26d31d873fe21957e7ac3e2753f5cbb13aee5476c4b78ef6ce954c8b7a124a39c0196bbc39
-
Filesize
171B
MD538b4352cf2d4b7afb1c48b4fab315ec7
SHA15aee0c3c370a41f6a9a35ffb7e668dee3f76d39e
SHA2569c1cdade7cf07cc976d040906566d822be12022f5d0954ec278065701e990fb6
SHA5126cb32695fa19250c5a5a0e9920d388479e09d0be0850ac2953683dce41eddf9de712b8a4c4ee76125c391f1b348909f785dbf1228866fb8674ea766effe54d2d
-
Filesize
672KB
MD505b754c0961dab26b760e3d0ba4bc1bc
SHA14410edc5bda1a84a43fa89ffb992987b45a72a73
SHA256d0439531885aabfd4235f21303cd202f5dd60a0125251425cc2a6aced15d247b
SHA512aa1028583e596e8122b50980847442038c88bbb5fb866654994564d26bc52a347bab739e17fbefd5838aec678f5f956a495b5206f8baa9549ff429593035eb8e
-
Filesize
501KB
MD55af55b00cbad7d894a5c912376e3c0a2
SHA1fe01681dc3948e4e5ed1500faf25e9573292d182
SHA256708a93551d961679e4efc9f317161f09f83571a503f4d1323f8c9992e78cccf0
SHA5128df02f9c871dcc346245c019db361eb7df328aa7bf39fb056779ce09d7d64bafcf5e1310b5760f6b4a6c9bbaecaeed7aac8a911381254ffc76c4c6977efd08e7
-
Filesize
3.1MB
MD5ef66d6fc1de459e5bad6e655fafa967b
SHA1a21f8150a8486e7ced283037e8f54a3ffa5f9ecc
SHA25673e0ae15523cf23e7cf4219c99b8db492f92cf2e30cf9868d9ab5508cce2e6bf
SHA51232bd721e2813beb7fed25f682159b62188b23a840f1df8f8fffa090b375c9fdd725fcfdb2f13f6bbdc63a166d24972b54d2b64f86e48a5c92e0b7edb2c0926b7
-
Filesize
47.3MB
MD50e030446ee3397a69dc0bd97b9014df8
SHA1bad8ea9d5bb6873e390a578af88ae3bb7ce0c94b
SHA256eff72a8ffe1174944f98a82d0a490e5028311a3e9fc81fdd2fec40c719d5e701
SHA51258ea029250a5177c86ba96ee372c34d16e7b20e06a8dc029f5d71a855a0439953740d492d6c56daae4305e7d459d1b17a3ebc1264dc49e63036aeda9d4ec29b9
-
Filesize
185B
MD5f816ec8beb48c1987bcb0f93df03d5bb
SHA1a70f71188d237de63b6ae99bd3010010e8eb8a7e
SHA256a175ff3e44628d94ae9274edba19534f044a60e0fda70f4a02f656bfbcfb8ee3
SHA5125a546e99ee3300cdfd9636973dc77924497bf3341be50dce206ec12e3676c0b6c481e43de1ee751b04c1496f211bcd00f8a373ed8739362d05f0343bbd98a7bf